agknn added a comment - 21/Mar/2017 8:19 AM @Bruno Vincent, indeed it is paid for. As is the plugin you are promoting. The security aspect you brought up is worth noting. If one feels unsure about opening their AD through an encrypted connection, connected with live data of their office365 users the "LDAPS -> Azure AD Domain Services" should be given considerable thought around the security implications. Just as would be needed with the plugin.

Bruno Vincent added a comment - 21/Mar/2017 8:03 AM @Kristian Nordman, Azure AD Domain Services - which is a paying option as of today - and LDAPS must be enabled in that case. For those of you who don't want an extra cost on Azure or are not allowed by their security team to enable the LDAPS port, you might want to take a look at the [ODCC| https://marketplace.atlassian.com/plugins/com.cleito.odcc/server/overview ] plugin (which comes with no extra cost on Azure and uses pure HTTPS requests to Microsoft Graph API).

agknn added a comment - 21/Mar/2017 7:15 AM Crowd can be setup using Azure AD. Follow the link PJ van Dyk used and then set it up as a regular AD. Make sure to use email as "user name attribute".

Adam Sanders added a comment - 06/Feb/2017 5:47 PM Azure does now provide LDAP connectivity - and has done for a while - when will Atlassian support it?

Bruno Vincent added a comment - 31/Jan/2017 5:22 PM @Patrick, yes it has. Azure AD Users with the accountEnabled attribute set to false are considered as inactive in Crowd (they are marked as Blocked in Office 365 administration portal).

Patrick van der Rijst added a comment - 31/Jan/2017 5:06 PM Awesome, this has support that it can also sync users back that are listed as disabled in Azure? That's what currently is missing from other add-ons.

Bruno Vincent added a comment - 31/Jan/2017 5:03 PM Hi again, I just wanted to let you know that our Office 365 Directory Connector for Crowd (ODCC) is now available on Atlassian Marketplace:  https://marketplace.atlassian.com/plugins/com.cleito.odcc/server/overview

Bruno Vincent added a comment - 25/Jan/2017 10:34 PM Hello everyone, I guess some of you will be interested in ODCC, our new plugin for Atlassian Crowd:  https://www.cleito.com/products/odcc/ ODCC stands for Office 365 Directory Connector for Crowd. It allows you to add your Office 365 / Windows Azure Active Directory to Atlassian Crowd as if it were a standard LDAP directory. The plugin uses Microsoft Graph API, so the connection between Crowd and Microsoft's Cloud is pure HTTPS (no LDAP!). You can see it in action here: https://www.youtube.com/watch?v=SH8R_emN43U Hope you'll like it! Bruno

Joost Van den Cruyce added a comment - 19/Jan/2017 8:49 AM for the record, I knew about the ldap approach, thanks for the detailed howto. But I'm actually referring to OAuth, saml functionalities like they are currently being implemented in the cloud versions...

PJ van Dyk added a comment - 18/Jan/2017 6:25 PM I managed to use ldap integration to connect my local Bamboo instance using LDAPS with Azure AD Domain Services. Working well so far. First setup LSAPS on Azure AD: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-admin-guide-configure-secure-ldap Second configure the ldap integration: https://confluence.atlassian.com/bamkb/how-to-set-up-ldap-in-bamboo-729978786.html Just watch out for Atlassian's documentation, they have contradicting statements on bamboo groups which could cause you headaches. Don't create "bamboo-admin" and "bamboo-user" groups in Azure AD but rather create your own groups that you can give the relevant access in bamboo. You can create an OU in Azure AD as the documentation shows, but its a lot of effort. I opted to just nest all the groups I needed for bamboo in another group that I used to filter my ldap search query.  Below is a tweaked version of atlassian-user-custom.xml I used to get it working. It's a but different to the example in the documentation.   // <?xml version= "1.0" encoding= "UTF-8" ?> <atlassian-user> <repositories> <!-- Default bamboo user repository (Put this first incase you have duplicate username for your main admin user so that you can always get in if integration fails)--> <hibernate name= "Hibernate Repository" key= "hibernateRepository" description= "Hibernate Repository" cache= " true " /> <!-- LDAP repository --> <ldap key= "ldapRepository" name= "Active Directory LDAP Repository" cache= " true " > <!-- [HOSTNAME], the hostname to your LDAP, (i.e.: 192.168.10.71) [DISPLAY-NAME], i.e.: Sample User. A [PASSWORD], password to authenticate "The user that you will use to auth against AD" --> <host>ldap.example.com</host> <port>636</port> <!--?| in <security...> we are going to authenticate our LDAP configuration against a user in our Active Directory whereas, in this example we will be using "Sample User. A" as user --> <securityPrincipal>bamboo@example.com</securityPrincipal> <securityCredential>yourpassword</securityCredential> <securityProtocol>ssl</securityProtocol> <securityAuthentication>simple</securityAuthentication> <baseContext>DC=example,DC=com</baseContext> <!-- in <baseUserNamespace> we are going to specify where our users have been created in the Active Directory --> <baseUserNamespace>OU=AADDC Users,DC=example,DC=com</baseUserNamespace> <!-- in <baseGroupNamespace> we are going to specify where our groups have been created in the Active Directory --> <baseGroupNamespace>OU=AADDC Users,DC=example,DC=com</baseGroupNamespace> <userSearchAllDepths> true </userSearchAllDepths> <groupSearchAllDepths> true </groupSearchAllDepths> <usernameAttribute>sAMAccountName</usernameAttribute> <!-- in <userSearchFilter> we are going to get all users that are members of "bamboo-admin" and "bamboo-user" groups --> <userSearchFilter>(&amp;(objectClass=person)(|(memberOf=CN=example-bamboo-admin,OU=AADDC Users,DC=example,DC=com)(memberOf=CN=example-bamboo-user,OU=AADDC Users,DC=example,DC=com)))</userSearchFilter> <firstnameAttribute>givenName</firstnameAttribute> <surnameAttribute>sn</surnameAttribute> <emailAttribute>mail</emailAttribute> <groupnameAttribute>cn</groupnameAttribute> <!-- in <groupSearchFilter> we are going to get all the groups specified in <baseGroupNamespace> (I did not create an OU here instead just nested all the groups I want use in bamboo inside this group) --> <groupSearchFilter>(&amp;(objectCategory=group)(memberOf=cn=bamboo-group,OU=AADDC Users,dc=example,dc=com))</groupSearchFilter> <membershipAttribute>member</membershipAttribute> </ldap> </repositories> </atlassian-user> Azure uses the same OU for Users and Groups: "OU=AADDC Users" if you wondered why I used that OU for groups.   Good luck.