It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Q&A: How to manage your Atlassian users as you grow

Maggie Roney Atlassian Team Jul 25, 2018

Do you own multiple Atlassian products? Managing all of your Atlassian users can quickly become complicated, especially if you are a large enterprise or are quickly growing.

We recently held a webinar where we shared Crowd best practices and how to best integrate with your Atlassian Server and Data Center products. Watch today to learn great tips like how to:

  • Use Crowd's default groups to optimize your license usage for your Atlassian products
  • Use SAML in Data Center together with Crowd.
  • Track changes made to your user's data to ensure compliance 

Here is a round up of some of the Q&A we had during the webinar as well that we weren't able to get to! We'd love to hear any other questions, thoughts, or ideas in the comments below! 

 

General:

I only have Jira and Confluence. Does it makes sense for me to have Crowd or should I manage my users in Jira instead? 

We recommend that you use Crowd to manage your users if you have more than one Atlassian on-premise product because it helps alleviate the load placed on those products, allowing them to focus on product specific tasks rather than user management tasks. Additionally, you can leverage Crowd SSO to provide your users a seamless login experience and you can easily manage your Atlassian users across both Jira and Confluence in a single location.

Why should I buy Crowd DC over Crowd Server?

Our Data Center product line focuses on supporting enterprise teams and organizations as they scale their mission critical Atlassian applications. Today, Crowd Data Center mainly provides high availability via its active-active clustering model, however, future development of Crowd Data Center will continue to focus on supporting enterprise teams and their needs around cross-product administration and user management.

Which DB Manager do you recommend?

We do not recommend a specific DBMS or which tools to use to administer it. You can choose which is best suited for your organization, but we suggest that you consult our supported platforms guide for more information on supported platforms.

How do I import multiple users in one shot?

It depends on the importer type that you are using. One of the most common examples is to use a CSV importer to import all the users from a file at one time.

Do you plan to add an upgrade feature inside Crowd, instead of manually downloading the newest version?

It's a great suggestion and we will take it into consideration while working on our future roadmap. We are always looking for ways to make the deployment, installation and upgrade process as easy and seamless as possible. Please submit any specific suggestions on http://jira.atlassian.com/ in Crowd (CWD) project.

Why is it best practice to use multiple internal user directories for different types of users (like employees vs. customers) within Crowd?

We wouldn't qualify it as a best practice; however, this kind of configuration allows you to easily configure applications that should only receive a given subset of users (i.e. employees). Another way to do this is by assigning specific applications to group memberships and specific users to those group memberships. However, if you do so, the connected applications will still receive other users from the directory, even if they cannot log in.

 

Delegated Administration:

What will group level admins be able to do in Crowd and would global admins be able to audit that?

Group level admins will be able to add and remove users from all of the groups that they manage. Global admins will be able to track information about all user group and membership changes done by group level admins in any of the directories including information about when the change occurred and who did it.

Do you have a target release date/version for the group level admin feature?

We cannot share the exact timeline; however, the feature is now in active development. We have completed a prototype, which we have shared with a few customers to get feedback. We aim to deliver this feature in the next minor release of Crowd Data Center. Learn when the early access program is available by following this ticket

 

Improved Visibility

Can I set up and view permissions of my Atlassian products in Crowd?

Today, you can assign your users to groups in Crowd. This impacts permissions and defines who can authenticate to your products, but does not provide visibility into whether a user has access to a specific Jira project, Confluence space or Bitbucket repository.

In the future, we hope to improve this so that you can see and manage all of your user permissions across your Atlassian products in a single location. To provide feedback, vote, or watch for updates, check out this ticket.

Is there a way to monitor users who are consuming licenses in apps connected to Crowd?

There is currently not a way to monitor active and inactive users in apps connected to Crowd.

We understand how important it is for our customers to optimize license usage and we are planning on providing centralized visibility of license usage across other Atlassian products in Crowd Data Center. This will allow you to see who accessed which applications in a given time period and you would also be able to revoke access from inactive users.

 

SAML/SSO: 

How we can use SAML together with Crowd SSO? It is possible to have Crowd/other applications connected to both SAML and Active Directory? Or it is necessary to have it connected only through SAML?

At the moment it is not possible to connect applications to Crowd using SAML and SSO, but we are looking into implementing such support in Crowd Data Center in the near future. Until then, it is possible to use Crowd for user and group management even if applications connected to Crowd are using SAML for authentication as described here.

If some of your applications use SAML, but others do not you can still use Crowd SSO for those applications, but it would not provide a true SSO experience.

Can SSO be enabled so that once a user logs into Jira, they also automatically log into Confluence, Bamboo etc.?

Yes, Crowd provides SSO across all Atlassian on-premise products as well as with 3rd party tools like Artifactory. Please see following documentation for integrating Crowd SSO with Jira, Confluence and Bamboo.

We have also plans to improve the current SSO experience to make it easier to configure and work across different domains. Here is the ticket if you want to vote, follow updates, or provide additional feedback.

When will a single sign-on feature be enabled like Confluence and Jira?

Crowd already provides SSO and it works across all Atlassian Server and Data Center applications including Jira and Confluence. We will continue to make improvements to the current SSO experience, such as simplifying configuration and providing cross-domain support.

A few months ago, you updated the 2FA feature request (https://jira.atlassian.com/browse/CWD-677). Any idea when this feature will actually come?

We cannot provide a specific timeline, but we can confirm that it is now on our roadmap. You will be able to utilize existing MFA solutions offered by your 3rd party identity providers. We are not planning on building our own Crowd-specific MFA feature/solution at this point.

Can SSO for Trello be achieved via delegated authentication through Crowd?

Currently, with the SSO offered by Crowd it is not possible. However, we are planning to natively support SAML in Crowd, which will enable single sign-on across Atlassian on-premise products. Our initial focus will be on optimizing for on-premise products; however, if you are interested in this, please submit a suggestion.

When did Crowd pick up SAML support? Is the Data Center version required for SAML?

We are planning to add SAML support in Crowd Data Center so the users will be able to login to applications connected to Crowd using SAML / SSO. We can not share an exact timeline at the moment, but it please watch this ticket for updates in the coming months.

 

 

Again, we'd love to hear any other questions, thoughts, or ideas in the comments below! 

 

0 comments

Comment

Log in or Sign up to comment
Community showcase
Posted in Jira

The Jira Server Mobile App is here!

Hey Community! My name is James and I am a product manager on the Server Mobile team. I am excited to announce the new Jira Server Mobile apps for both iPhone and Android are now available. This is...

40 views 1 3
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you