All auto group add per application vs user directory

When using Crowd to provide user management for multiple Atlassian products we would like to ability configure the application configuration in crowd to automatically add an authenticated user, instead of the connected user directory.

For Example, if we have Stash, Jira, and Confluence. Each out of the box works the best if you allow a user to be automatically added upon authentication to the either the jira-users, confluence-users, or the stash-users local group. The user might not need nor have access to all 3, so we need the automatically add functionality at the application level.

The workaround as i see it, is to have a duplicate of the user directory in Crowd, where each application config in crowd is connected to a seperate user directory. This seems wasteful of resources when the user pool amongs all the Atlassian application connected are from the same corporate LDAP/AD user directory. IE there is overlap of users, but all the users could have access to all the applications from the groups their are members.