Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-3726

All auto group add per application vs user directory

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      When using Crowd to provide user management for multiple Atlassian products we would like to ability configure the application configuration in crowd to automatically add an authenticated user, instead of the connected user directory.

      For Example, if we have Stash, Jira, and Confluence. Each out of the box works the best if you allow a user to be automatically added upon authentication to the either the jira-users, confluence-users, or the stash-users local group. The user might not need nor have access to all 3, so we need the automatically add functionality at the application level.

      The workaround as i see it, is to have a duplicate of the user directory in Crowd, where each application config in crowd is connected to a seperate user directory. This seems wasteful of resources when the user pool amongs all the Atlassian application connected are from the same corporate LDAP/AD user directory. IE there is overlap of users, but all the users could have access to all the applications from the groups their are members.

            [CWD-3726] All auto group add per application vs user directory

            This feature will be available in the upcoming Crowd 3.1.1 release.

            Lukasz Pater added a comment - This feature will be available in the upcoming Crowd 3.1.1 release.

            The application is the right place to configure this feature, having it at the directory level (and having multiple-directories break CROWD SSO) is extremely inflexible.
            This really is a must for customers who manage multiple Atlassian applications for multiple teams, but want to use crowd's SSO feature.

            Derek Sheeman added a comment - The application is the right place to configure this feature, having it at the directory level (and having multiple-directories break CROWD SSO) is extremely inflexible. This really is a must for customers who manage multiple Atlassian applications for multiple teams, but want to use crowd's SSO feature.

            Hi Team,

            It'll be great as we get a solution from Atlassian on this, we are facing user limit issues when assigning users automatically to multiple groups based on crowd directory.

            thanks,
            Manish

            Manish Tiwari added a comment - Hi Team, It'll be great as we get a solution from Atlassian on this, we are facing user limit issues when assigning users automatically to multiple groups based on crowd directory. thanks, Manish

            DanaC added a comment -

            Also, you can't use crowd based SSO if you have 2 different user directories just to work around the issue of preventing users from automatically getting added to a *-users group.

            DanaC added a comment - Also, you can't use crowd based SSO if you have 2 different user directories just to work around the issue of preventing users from automatically getting added to a *-users group.

            Jon Sword added a comment -

            Hi Guys,
            This is a HUGE issue for customers moving to Data Center where licenses are more expensive. I have a lot more Confluence users that JIRA users - when ever someone logs into Confluence for the first time they are automatically added to the jira-users group. This can double my JIRA licenses and at $25,000 per thousand users - getting pushed over that line can get expensive very quickly.

            The workaround above does not work for us because we have shared groups between applications.

            Regards,
            Jon

            Jon Sword added a comment - Hi Guys, This is a HUGE issue for customers moving to Data Center where licenses are more expensive. I have a lot more Confluence users that JIRA users - when ever someone logs into Confluence for the first time they are automatically added to the jira-users group. This can double my JIRA licenses and at $25,000 per thousand users - getting pushed over that line can get expensive very quickly. The workaround above does not work for us because we have shared groups between applications. Regards, Jon

              mradochonski@atlassian.com Marek Radochonski (Inactive)
              49f552c5bd11 Dana Cleveland
              Votes:
              20 Vote for this issue
              Watchers:
              27 Start watching this issue

                Created:
                Updated:
                Resolved: