Folks
our company traditionally has been using LDAP to authenticate the users and have their group information stored in AD. The idea was they can use AD to self-manage their own groups across all of the Atlassian tools. Life has been good.
However, at the direction of the security team, we now want to switch to using OKTA to provide the SSO authentication for most of our apps. We have been able to set up Confluence to authenticate the users. But so far we have not found a way to pull in the user's group info from AD in such a setup (we are on Confluence 6.2).
Does anyone know if this is possible? (We would like to stay away from Crowd for now.)
Hi Amy
thanks for your feedback. That is what we tried to set up but apparently, it's not working just yet.
I cannot speak from personal experience, but it is possible that the "aggregating group memberships across user directories" feature that was introduced with Confluence 5.7 may come in handy. The login would be controlled by the Okta directory, but LDAP groups could still be used for Confluence permissions. This strategy is worth testing in your staging environment if possible.
Please review:
Login
The directory order is significant during the authentication of the user, in cases where the same user exists in multiple directories. When a user attempts to log in, the application will search the directories in the order specified, and will use the credentials (password) of the first occurrence of the user to validate the login attempt.
Permissions
Aggregating membership (default)
The directory order is not significant when granting the user permissions based on group membership as Confluence uses an aggregating membership scheme by default. If the same username exists in more than one directory, the application will aggregate (combine) group membership from all directories where the username appears.
Example:
You have connected two directories: The Customers directory and the Partners directory.
The Customers directory is first in the directory order.
A username jsmith exists in both the Customers directory and the Partners directory.
The user jsmith is a member of group G1 in the Customers directory and group G2 in the Partners directory.
The user jsmith will have permissions based on membership of both G1 and G2 regardless of the directory order.
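The two rules quoted above (first-match credentials for login, union of groups for permissions) as a small added model for checking a planned directory order before touching the real instance. This is illustration code written for this thread, not Confluence's own logic or API; `Directory`, `resolve_login`, `effective_groups` and `shadowed_users` are assumed names, and the users, groups and directory names are constructed sample data.

```python
from dataclasses import dataclass


@dataclass
class Directory:
    name: str
    members: dict  # username -> set of group names held in this directory


def resolve_login(directories, username):
    """Login rule: the first directory in order where the username exists
    is the one whose credentials validate the login. None if unknown."""
    for d in directories:
        if username in d.members:
            return d.name
    return None


def effective_groups(directories, username):
    """Permissions rule (aggregating membership): union of the user's
    groups across every directory where the username appears; order is
    irrelevant."""
    groups = set()
    for d in directories:
        groups |= set(d.members.get(username, ()))
    return groups


def shadowed_users(directories, sso_name):
    """Audit: usernames present in any directory listed *before* the SSO
    directory. Those logins are validated by that earlier directory's
    password, not by the SSO provider, so the list should be empty if SSO
    is meant to control authentication."""
    shadowed = set()
    for d in directories:
        if d.name == sso_name:
            break
        shadowed |= set(d.members)
    return shadowed


# Constructed sample data mirroring the Customers/Partners example, named
# for the asker's Okta + AD scenario. Groups live only in AD.
OKTA = Directory("Okta", {"jsmith": set(), "adoe": set()})
AD = Directory("AD", {"jsmith": {"G1", "confluence-users"}, "bob": {"G2"}})

ORDERED = [OKTA, AD]     # Okta first: Okta validates jsmith's login
MISORDERED = [AD, OKTA]  # AD first: AD's password wins for jsmith

if __name__ == "__main__":
    print(resolve_login(ORDERED, "jsmith"), resolve_login(MISORDERED, "jsmith"))
    print(sorted(effective_groups(ORDERED, "jsmith")))
    print(sorted(shadowed_users(MISORDERED, "Okta")))
```

Groups come out the same for both orders; only the directory that checks the password changes, which is exactly what the audit helper flags.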