Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Multiple credential support for single account?

Nick Bower
Nick Bower August 11, 2011

I've been investigating Crowd as a possible IMS (with SSO a nice to have for future expansion) for a project of around 2-3M initial customers.

Crowd has a very online identity model/schema - each principal has a username and password. Fine for online.

I have a situation however where we are authenticating multiple channels to the same account using a variety of techniques;

1) With what are essentially multiple passwords; a PIN in the case of a telephone IVR, and a password in the case of web.

2) By traversing to the account first using one or more asset ids they may have. Eg think efficiently authenticating using a mobile number OR username and a password in both cases.

What support does Crowd have for extending the identity model in this way? How flexible is it? I've looked at the plugin/connector architecture but this is lower level that that.

Also I can't find in the REST API anything on changing usernames. Is it not possible?

Watch
Like Be the first to like this
286 views

1 answer

1 accepted

Comments for this post are closed

Community moderators have prevented the ability to post new answers.

Post a new question

1 vote
Answer accepted
m_
m@
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 11, 2011

Crowd supports user properties (details here: http://confluence.atlassian.com/display/CROWD/Specifying+a+User's+Attributes).

They could be used to store other credential information for a user that you would have to validate yourself. They are accessable on the user entity (See: http://confluence.atlassian.com/display/CROWDDEV/Crowd+REST+Resources#CrowdRESTResources-UserResource).

The search resource will allow you to find the user (See: http://confluence.atlassian.com/display/CROWDDEV/Crowd+REST+Resources#CrowdRESTResources-SearchResource) but you can't search by custom property so you wouldn't be able to find the user unless you had some other way to map your custom identifier to the username. This could be done in a plugin or with some other service.

Update: You might be able to get the effect of multiple usernames for user by creating multiple applications and using username aliasing, check out the documentation here:http://confluence.atlassian.com/display/CROWD/Specifying+a+User's+Aliases

Update: You cannot rename users in crowd, go take a look at https://jira.atlassian.com/browse/CWD-1133

View More Comments
Nick Bower
Nick Bower August 11, 2011

Thanks this is pretty much what I presumed reading the docs also.

Using attributes for second credentials means they're retrieved, not asserted. And you get none of the recovery/reset type features, or encrypted storage I'm sure.

And forcibly splitting identities by application to me sort of invalidates the business case for an IMS.

Regarding CWD-1133, I wonder how many married females for example participated in that product decision (0)... Bizarre.

Like
Reply
Atlassian logo
Answers Developer Questions
TAGS
AUG Leaders

Atlassian Community Events

    See all events