Azure AD table mappings not syncing in Crowd

Hello, I currently have the latest version of Crowd being synced with Azure Active Directory. The issue I'm having is all the properties (user name, display name, etc.) sync to Crowd once the change is made in Azure AD except the email_address. This is important because I'm creating a Jira email notification system which would be pulling the addresses from Crowd (my AD syncs to Crowd and Crowd syncs to Jira). Crowd and Jira are read-only, so the change would need to happen within Azure AD, I believe. Any help would be appreciated.

2 answers

2 accepted

0 votes
Accepted answer
Bruno Vincent Community Champion Dec 27, 2017

Hi @Kehinde Owens

Do you mean you get a null value for email addresses? Crowd maps the email attribute to the mail attribute in Azure AD. An Azure AD user has a non null mail attribute if he has an Office 365 mailbox (Exchange plan) or if his account was synchronised from an on-premise AD with Azure AD Connect (please read the following accepted answer on SO).

Thank you for the response @Bruno Vincent. To answer your question, when I check the Crowd database I indeed have null values for email addresses. Within the Azure console there is no "mail" attribute but only an email address attribute under the user profile column which isn't mapping. We don't have an Office 365 subscription but are using our work emails instead.

Bruno Vincent Community Champion Dec 28, 2017

Hi @Kehinde Owens

That's unfortunately what I was assuming. The email address you see under the user profile in Azure console is named otherMails in Azure AD. It is different from the mail attribute that is used by Crowd. You'll get the mail attribute if you purchase an O365 subscription (and assign Exchange licenses to your users).

Thank you @Bruno Vincent, this saves me a lot of time and troubleshooting. I assumed there must be a way I could change the mapping configurations but not having access to the back-end of AAD would most likely prevent that. I will move forward with the O365 subscription option.

Bruno Vincent Community Champion Apr 02, 2018

Hi @Kehinde Owens

Just in case you haven't moved forward yet, I thought you might also be interested in taking a look at the following add-on: Office 365 Directory Connector for Crowd (ODCC).

The latest version of the ODCC plugin actually has an option to fill in the Crowd email address field with the value of the Office 365 / Azure AD mailNickname attribute when the mail attribute has no value in Azure AD (unlike the mail attribute, the mailNickname attribute is always provisioned in Azure AD).

(Disclaimer: I work for the vendor of the ODCC plugin)

Thank you for the update @Bruno Vincent. I was given the go-ahead to test the new version of the plug-in. I will respond with feedback after my testing.

Bruno Vincent Community Champion Apr 04, 2018

Sure @Kehinde Owens! Feel free to contact us at support@cleito.com if you have any questions while configuring the plugin.

Question @Bruno Vincent, I still have the previous plug-in that didn't allow email ingestion installed. I just deactivated the directory and decided to use the Crowd server for authentication. Being that I haven't deleted the previous plug-in do I still need to follow the complete installment guide or can I just change the configurations within the crowd-webapp properties file?

Bruno Vincent Community Champion Apr 04, 2018

Hi @Kehinde Owens

My understanding is that you had installed ODCC v1.x and you now want to upgrade to ODCC v1.4, is that right? In that case, you just need to stop Crowd and replace the ODCC v1.x jar file with the v1.4 jar file in crowd-webapp/WEB-INF/lib before starting Crowd again. I strongly suggest that you send us an email at support@cleito.com. This will be easier to diagnose the problem.
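
An added example, not part of the original thread and not Crowd or ODCC code: a Python check over a constructed Microsoft Graph-style user list that flags accounts whose `mail` attribute is empty, which per the answer above sync to Crowd with a null email address, and shows the `mailNickname` and `otherMails` values that exist for them. The sample users and the function names are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like a Microsoft Graph user listing that selects
# userPrincipalName, mail, mailNickname and otherMails. Not real accounts.
SAMPLE_GRAPH_RESPONSE = json.dumps({
    "value": [
        {"userPrincipalName": "alice@example.com", "mail": "alice@example.com",
         "mailNickname": "alice", "otherMails": []},
        {"userPrincipalName": "bob@example.com", "mail": None,
         "mailNickname": "bob", "otherMails": ["bob@work.example"]},
        {"userPrincipalName": "carol@example.com", "mail": "",
         "mailNickname": "carol", "otherMails": []},
    ]
})


def audit_mail_attributes(graph_json):
    """Return one row per user describing which email-related attributes exist.

    crowd_email is what a mail -> email mapping would produce (None when the
    mail attribute is empty); the other fields show what else is available.
    """
    rows = []
    for user in json.loads(graph_json).get("value", []):
        mail = (user.get("mail") or "").strip()
        rows.append({
            "user": user.get("userPrincipalName"),
            "crowd_email": mail or None,
            # Attribute the thread says is always provisioned in Azure AD.
            "mail_nickname": (user.get("mailNickname") or "").strip() or None,
            # Attribute behind the address shown in the Azure console profile.
            "other_mails": [m for m in (user.get("otherMails") or []) if m],
        })
    return rows


def users_with_null_email(rows):
    """Users that would end up with a null email address after the sync."""
    return [r["user"] for r in rows if r["crowd_email"] is None]


if __name__ == "__main__":
    report = audit_mail_attributes(SAMPLE_GRAPH_RESPONSE)
    for row in report:
        print(row)
    print("null email after sync:", users_with_null_email(report))
```

Running the same check against an export of the real directory before building notifications on the Crowd data shows how many users are affected.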

0 votes
Accepted answer

Hi @Kehinde Owens

We (Kantega Single Sign-on) recently added Cloud Connectors to our Single Sign-on add-ons.

This lets you sync Azure users and groups directly into JIRA, Confluence etc without the need for Crowd!

If a user does not have the mail attribute, then we simply map the user name attribute => email.

-Lars

Thank you @Lars Olav Velle. I will definitely give this product a look. Being that we've already provisioned a VM for Crowd and connected it to the rest of the Atlassian Stack in a production environment I doubt we will steer away from it though.
