Hello, I currently have the latest version of Crowd being synced with Azure Active Directory. The issue I'm having is all the properties (user name, display name, etc.) sync to Crowd once the change is made in Azure AD except the email_address. This is important because I'm creating a Jira email notification system which would be pulling the addresses from Crowd (my AD syncs to Crowd and Crowd syncs to Jira). Crowd and Jira are read-only, so the change would need to happen within Azure AD, I believe. Any help would be appreciated.
Hi @KO89
We (Kantega Single Sign-on) recently added Cloud Connectors to our Single Sign-on add-ons.
This lets you sync Azure users and groups directly into JIRA, Confluence etc without the need for Crowd!
If a user does not have the mail attribute, then we simply map the user name attribute => email.
-Lars
Thank you @Lars Olav Velle. I will definitely give this product a look. Being that we've already provisioned a VM for Crowd and connected it to the rest of the Atlassian Stack in a production environment I doubt we will steer away from it though.
Hi @KO89
Do you mean you get a null value for email addresses? Crowd maps the email attribute to the mail attribute in Azure AD. An Azure AD user has a non-null mail attribute if he has an Office 365 mailbox (Exchange plan) or if his account was synchronised from an on-premise AD with Azure AD Connect (please read the following accepted answer on SO).
Thank you for the response @Bruno Vincent. To answer your question, when I check the Crowd database I indeed have null values for email addresses. Within the Azure console there is no "mail" attribute but only an email address attribute under the user profile column which isn't mapping. We don't have an Office 365 subscription but are using our work emails instead.
Hi @KO89
That's unfortunately what I was assuming. The email address you see under the user profile in Azure console is named otherMails in Azure AD. It is different from the mail attribute that is used by Crowd. You'll get the mail attribute if you purchase an O365 subscription (and assign Exchange licenses to your users).
Thank you @Bruno Vincent, this saves me a lot of time and troubleshooting. I assumed there must be a way I could change the mapping configurations but not having access to the back-end of AAD would most likely prevent that. I will move forward with the O365 subscription option.
Hi @KO89
Just in case you haven't moved forward yet, I thought you might also be interested in taking a look at the following add-on: Office 365 Directory Connector for Crowd (ODCC).
The latest version of the ODCC plugin actually has an option to fill in the Crowd email address field with the value of the Office 365 / Azure AD mailNickname attribute when the mail attribute has no value in Azure AD (unlike the mail attribute, the mailNickname attribute is always provisioned in Azure AD).
(Disclaimer: I work for the vendor of the ODCC plugin)
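The attribute behaviour described in the answers above (a sync that reads only `mail` stores null when `mail` is unset, even if `otherMails` or `mailNickname` hold a value), shown as an added example that is not part of any post in this thread and is not Crowd or ODCC code. The sample response is constructed, and the `classify` and `audit` helpers are hypothetical names; the property names are those of the Microsoft Graph user resource.

```python
import json

# Constructed sample, shaped like a Microsoft Graph "list users" response
# restricted to the properties discussed in this thread.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"userPrincipalName": "alice@example.onmicrosoft.com",
   "mail": "alice@example.com", "otherMails": [], "mailNickname": "alice"},
  {"userPrincipalName": "bob@example.onmicrosoft.com",
   "mail": null, "otherMails": ["bob@example.com"], "mailNickname": "bob"},
  {"userPrincipalName": "carol@example.onmicrosoft.com",
   "mail": null, "otherMails": [], "mailNickname": "carol"}
]}
""")


def classify(user):
    """Report what a sync that reads only `mail` would store for this user,
    and which other attributes carry a value that could be used instead."""
    mail = (user.get("mail") or "").strip()
    row = {
        "user": user.get("userPrincipalName"),
        "synced_email": mail or None,
        # Keep only otherMails entries that at least look like an address.
        "other_mails": [m for m in user.get("otherMails") or [] if "@" in m],
        "mail_nickname": user.get("mailNickname"),
    }
    if mail:
        row["status"] = "mail-present"
    elif row["other_mails"]:
        row["status"] = "mail-null-othermails-set"
    else:
        row["status"] = "mail-null-nickname-only"
    return row


def audit(response):
    """Return the users that would arrive downstream with a null email."""
    rows = [classify(u) for u in response.get("value", [])]
    return [r for r in rows if r["synced_email"] is None]


if __name__ == "__main__":
    for r in audit(SAMPLE_RESPONSE):
        print(r["user"], r["status"], r["other_mails"], r["mail_nickname"])
```

Running the same check on a real directory export before wiring up notifications shows how many accounts would reach Jira without an address.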
Thank you for the update @Bruno Vincent. I was given the go ahead to test the new version of the plug-in. I will respond with feedback after my testing.
Sure @KO89! Feel free to contact us at support@cleito.com if you have any questions while configuring the plugin.
Question @Bruno Vincent, I still have the previous plug-in that didn't allow email ingestion installed. I just deactivated the directory and decided to use the Crowd server for authentication. Being that I haven't deleted the previous plug-in do I still need to follow the complete installment guide or can I just change the configurations within the crowd-webapp properties file?
Hi @KO89
My understanding is that you had installed ODCC v1.x and you now want to upgrade to ODCC v1.4, is that right? In that case, you just need to stop Crowd and replace the ODCC v1.x jar file with the v1.4 jar file in crowd-webapp/WEB-INF/lib before starting Crowd again. I strongly suggest that you send us an email at support@cleito.com. This will be easier to diagnose the problem.