I am having an SSO issue which is basically the same as below, but with Confluence.
[https://answers.atlassian.com/questions/222631/jira-ad-custom-sso]
Previously, we have been using the Internal Confluence Directory authenticated via LDAP.
Addition of a custom SSO authenticator (written by a 3rd party) has been successful in a test environment, but only for users who already had a confluence account. Users who did not previously have an account are not added to cwd_user, nor are any default groups added to the internal directory.
I'm unwilling to hand over all control of users and groups to an external SSO provider since that would limit the use of user-groups within individual spaces. Ideally I'd like a way to use the default confluence authenticator if the user has not previously logged on via LDAP and otherwise use the SSO authenticator.
Does anyone have any suggestions on this?
Did you set an external user directory (LDAP) which contains the users which should authenticate? I think you will need to set the external directory in Confluence (and synchronize them) to be able to authenticate users from that directory using SSO.
Yes, the external user directory (AD) is set for use in authentication only, but the internal directory is used to determine whether a user exists and what group they belong to.
i.e. the default confluence authenticator allows you to configure a combined user/group management solution in which Confluence manages users and groups and AD (the external directory) is used for authentication only.
Internal with External Authentication vs Full External user/group management
Because this is a 3rd party SSO provider, I'm currently unsure whether their system is most appropriate for both group/user management as well as authentication and so was hoping to use the existing Internal Directory with the SSO service for authentication only until this is determined. The SSO provider and the Confluence Internal Directory both authenticate against AD.
I am also unsure how this will work in terms of making sure that new users are automatically added to the appropriate default user group in the SSO provider after beginning use of confluence for the first time, and how easy it will be to migrate existing groups to the SSO service synced with AD while maintaining user/group memberships and other user/group metadata from the existing Confluence Internal Directory.
Questions:
* Is it possible to configure an SSO provider to only authenticate against AD while still copying users to the internal confluence directory and placing them in the appropriate default user group?
* If the above is not the best solution, what are the steps in migrating existing internal user metadata (groups etc) from the Internal Directory with LDAP Authentication to a new confluence User Directory?