Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence Azure Ad groups maping

Frédéric Grégoire
Frédéric Grégoire September 10, 2019

Hello,

 

A customer wants to test Confluence server in Azure... I have found the Microsoft tutorial to enable Azure AD SSO but don't understand how to map Azure AD groups to confluence groups. Can I add a Directory from the users administration page or Should I use Crowd ?

 

Can someone help me or redirect me to the relevant documentation ?

 

Regards,

 

Fred

Answer
Watch
Like Be the first to like this
2059 views

3 answers

0 votes
Jon Espen Ingvaldsen Kantega SSO
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 13, 2019

Hi @Frédéric Grégoire 

You can setup AzureAD to send group memberships as parts of the SAML response messages. It is a bit work to get AzureAD to send readable group names but we have created a document describing how to achieve this: https://docs.kantega.no/display/KantegaSSOEnterprise/Managed+and+Default+groups

With managed SAML groups, users are assigned and removed to groups based on the group settings at the identity provider (in your case AzureAD).

Another alternative to get permission updates each time the user logs in is to setup synchronized user directories. With this approach you set up a background job which continuously keeps Confluence up to date on users and group permissions from AzureAD. You can read more about this alternative here: https://kantega-sso.com/provisioning/

Full disclosure: I work for Kantega SSO, and our apps support both managed groups and synchronized AzureAD directories. Our support team is available if you want a demo or have any questions.

Regards,
Jon Espen
Kantega SSO

Reply
0 votes
Lokesh Naktode_miniOrange
Lokesh Naktode_miniOrange
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
September 10, 2019

Hi @Frédéric Grégoire ,

 

There multiple SSO plugins available for Confluence on the Atlassian Marketplace which allows you to enable SSO into Confluence from Azure AD. 

Here is one of the plugins that work on SAML2.0 Protocol.

https://marketplace.atlassian.com/apps/1215542/single-sign-on-sso-confluence-saml?hosting=datacenter&tab=overview

This plugin also has a feature you are looking for i.e. Group Mapping which allows you to map the Azure AD's group to Confluence local groups, and groups of the users in Confluence will be updated on each SSO(login) based on the group information received in the SAML Response from Azure AD.

Docs to setup SSO: https://plugins.miniorange.com/saml-single-sign-sso-confluence-using-azure-ad-idp

Feel free to reach out to support team through the customer portal in case if you need any assistance to set up the plugin for your use case.

 

Thanks,

Lokesh

I work for the miniOrange. One of the top SSO vendor in the Atlassian Marketplace,

View More Comments
Frédéric Grégoire
Frédéric Grégoire September 11, 2019

HI Lokesh,

 

Thank you for the information, I will have a look at miniOrange.

 

Regards,

 

Fred

Like
Lokesh Naktode_miniOrange
Lokesh Naktode_miniOrange
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
September 11, 2019

Hi @Frédéric Grégoire ,

 

Great. Feel free to drop an email at atlassiansupport@xecurify.com or reach out through our customer portal in case if you need any assistance with the plugin setup for your use case(group mapping).

 

Thanks,

Lokesh

Like
Reply
0 votes
jira guy
jira guy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 10, 2019

confluence server doesn't really support SSO with Azure unless you are using data center version. Also, crowd doesn't help with SSO redirect. You need SAML plugin for Confluence which should solve your use case. 

We use this plugin https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-sso-confluence?hosting=server&tab=overview

which works great!

View More Comments
Frédéric Grégoire
Frédéric Grégoire September 11, 2019

Hi Jira Guy,

 

We already have experience with SAML plugin which indeed works fine.

My issue is more about how to proceed with group mapping.

 

Thank you for your reply

Like Igor Chacon likes this
jira guy
jira guy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 11, 2019

Did you try their user sync option? They have Azure AD connector and in the advanced section they have the option to configure groups. Check it out 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events