Setup wizard - Tasks

Owned by Mari Fuglem
Last updated: Jan 15, 2024
3 min read

Start page

In many cases, the wizard can suggest appropriate configuration values for you automatically.

If this is the case, you will be notified. You might want to jump straight to the task summary using the suggested values instead of going through each step.

For this guide, though, we will run through each step of the wizard.

Active Directory Connection

Connecting to your Active Directory lets the wizard inspect your AD, suggest values, and validate that your configuration is valid. 

You can choose a pre-configured User Directory, or connect to an Active Directory server of your choice:

Canonical hostname

If issues.example.local is a DNS CNAME record, say for server123.example.local, then the canonical name is server123.example.local

Otherwise, if it's a DNS A record, then the canonical name is issues.example.com.

Usually, the wizard can determine this for you by looking it up in DNS on the server.

Note that even if you access JIRA using the short name http://issues, the canonical name is always in the FQDN form. (It is never just issues, but issues.example.com)

Kerberos Realm name

The Kerberos Realm name looks something like EXAMPLE.LOCAL or http://ACCOUNTING.COMPANY.COM

It is your Active Directory Domain name in upper case, dot-separated format.

If the wizard can't look this up in AD, it will instruct you on how to determine this on your client.

Active Directory account

Kerberos services need to be mapped to an Active Directory account. We recommend you use a separate AD account to map each Kerberos service.

Unless your instance is already mapped, the wizard will suggest an account name such as svc-jirasso-issues.

Encryption types

The wizard will suggest the strongest encryption type supported by your environment.

Some factors which may limit your choice of encryption strength:

  • If your Domain Functional Level is Window 2003, then only RC-4 is supported. However, in newer Java versions, RC4 HMAC encryption is no longer supported.

  • AES-256 is only supported if the Java used for running your Atlassian product has the Unlimited Strength Policy Files installed

 

Enabling AES 256 support in Java

If your service is already mapped to an account, then the strongest configured encryption type for that account is recommended. 

In this case, the wizard has recommended AES-256: