I have connected Crowd with Azure AD (AAD) without any problem. But when It came to authenticating Azure AD Users againt Atlassian products (Mainly Jira, Confluence & Bitbucket) we are having some trouble. First I cannot give users access to Jira or Confluence and I cannot create local groups or use groups to assign permissions to users.
We have gone through some documentation and I have some questions:
PS: I'm using crowd 3.2.1 and I will upgrade to the latest version because we are facing a bug (link)
The issue has been resolved now and here is how:
5. Configure permissions for the native application to allow Crowd to validate user credentials:Before cliking 'Grant Permissions' and confirming, we Added Windows Azure AD API permissions (Read directory Data, Sign in and read user profile ...)
- Click your native application.
- Click Settings
- In the API ACCESS section, click Required permissions.
- Click Grant Permissions and confirm.
et voila. That's it.
Are you certain that it was the native application that requires those rights? The permissions for the native applications are permissions for executing actions on Azure Active Directory, which is a capability that Crowd does not use. I've set up a test directory a moment ago without any additional permissions on the native application and didn't run into permission issues.
However since some Azure AD requires that "Grant permissions" is executed both on the web application, as well as the native one.
Absolutely certain. Because before doing that I have clicked on Grant Permissions and confirmed for several times and the issue was the same as described.
Then I added the API permissions and it worked.
Let me know if you need more info or screenshots.
I would like to know why you cannot give users access to Jira or Confluence, you can configure Jira or Confluence applications in Crowd, and allow these applications to authenticate against your Azure Active Directory or a set of selected groups from the directory.
Though you can't create groups in Azure AD using Crowd, you can create them in Azure AD itself, and then use the groups to control access for applications in Crowd.
Coming to your question:
Yes, it is possible without any third party plugin. Please follow the documentation to configure Azure AD in Crowd, or skip this if you have already successfully connected to Azure AD and follow this documentation to connect JIRA to Crowd
Hope this helps, if not, please list out the problems in detail what you are facing.
Hi @Carl Pelletier ,
Here's the documentation from Microsoft regarding what are the UI changes and how they relate to old one.
You can keep following the Crowd's Azure integration documentation, and see the corresponding changes in this link regarding how to grant permissions.
We will be updating the Crowd's documentation as well.
Let me know if you need anything else.
Hi, I configure Confluence to validate authentification with SAML/azure Ad. Done
I configure crowd a a Confluence directory. Done
I configure in Crowd a Azure directory to fetch users/groups from Azure Ad. Done
Now my question:
When a user authenticate to Confluence, The browser call Azure and the authentification is done. The token is send back to Confluence. Confluence validate if the user exist in the directory(Crowd). I
Is there a Communication with Crowd at this moment ? I guess that yes. What is sent to Crowd ? The user identifier? No password ?
How Crowd validate that user with the Azure Directory ?
Can you explain please? A communication flow diagram will be nice!
Plan and track how teams spend their time and effort may represent a rocket science for many team leaders. Not rarely they need to deal with a considerable amount of variables to “hit the tar...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events