Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence Azure Ad groups maping Edited

Hello,

 

A customer wants to test Confluence server in Azure... I have found the Microsoft tutorial to enable Azure AD SSO but don't understand how to map Azure AD groups to confluence groups. Can I add a Directory from the users administration page or Should I use Crowd ?

 

Can someone help me or redirect me to the relevant documentation ?

 

Regards,

 

Fred

3 answers

confluence server doesn't really support SSO with Azure unless you are using data center version. Also, crowd doesn't help with SSO redirect. You need SAML plugin for Confluence which should solve your use case. 

We use this plugin https://marketplace.atlassian.com/apps/1212129/saml-single-sign-on-sso-confluence?hosting=server&tab=overview

which works great!

Hi Jira Guy,

 

We already have experience with SAML plugin which indeed works fine.

My issue is more about how to proceed with group mapping.

 

Thank you for your reply

Did you try their user sync option? They have Azure AD connector and in the advanced section they have the option to configure groups. Check it out 

Hi @Frédéric Grégoire ,

 

There multiple SSO plugins available for Confluence on the Atlassian Marketplace which allows you to enable SSO into Confluence from Azure AD. 

Here is one of the plugins that work on SAML2.0 Protocol.

https://marketplace.atlassian.com/apps/1215542/single-sign-on-sso-confluence-saml?hosting=datacenter&tab=overview

This plugin also has a feature you are looking for i.e. Group Mapping which allows you to map the Azure AD's group to Confluence local groups, and groups of the users in Confluence will be updated on each SSO(login) based on the group information received in the SAML Response from Azure AD.

Docs to setup SSO: https://plugins.miniorange.com/saml-single-sign-sso-confluence-using-azure-ad-idp

Feel free to reach out to support team through the customer portal in case if you need any assistance to set up the plugin for your use case.

 

Thanks,

Lokesh

I work for the miniOrange. One of the top SSO vendor in the Atlassian Marketplace,

HI Lokesh,

 

Thank you for the information, I will have a look at miniOrange.

 

Regards,

 

Fred

Hi @Frédéric Grégoire ,

 

Great. Feel free to drop an email at atlassiansupport@xecurify.com or reach out through our customer portal in case if you need any assistance with the plugin setup for your use case(group mapping).

 

Thanks,

Lokesh

Hi @Frédéric Grégoire 

You can setup AzureAD to send group memberships as parts of the SAML response messages. It is a bit work to get AzureAD to send readable group names but we have created a document describing how to achieve this: https://docs.kantega.no/display/KantegaSSOEnterprise/Managed+and+Default+groups

With managed SAML groups, users are assigned and removed to groups based on the group settings at the identity provider (in your case AzureAD).

Another alternative to get permission updates each time the user logs in is to setup synchronized user directories. With this approach you set up a background job which continuously keeps Confluence up to date on users and group permissions from AzureAD. You can read more about this alternative here: https://kantega-sso.com/provisioning/

Full disclosure: I work for Kantega SSO, and our apps support both managed groups and synchronized AzureAD directories. Our support team is available if you want a demo or have any questions.

Regards,
Jon Espen
Kantega SSO

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

402 views 23 8
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you