Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Azure Ad syncs all users to applications (Confluence)

We use crowd together with confluence.

Within crowd:

Application has Azure Ad mapped to confluence. But only the group confluence-users is selected in "Groups that can authenticate"

In Azure Ad we added the group confluence-administrators. Also this group is not selected in "Groups that can authenticate" these users consume licenses in confluence.

Background:

We are preparing to move most users to azure ad.

"Allow all users from this directory to authenticate" is not activated for Azure Ad on Application Confluence

4 answers

Same issue on jira. Only jira-users is activated for Jira-Application in crowd, but members of jira-administrators group incloud are consuming licenses.

 

It looks like if you ad an Azure Ad to an application alle users are synced to the application. "Allow all users from this directory to authenticate" or selecting only some groups is not working.

0 votes

Hey benjamin,

There is is nothing wrong with your configuration, this is how the products are expected to work, however many people don’t expect this behavior (me included initially). If a user shows in a crowd directory, then they will sync to the applications connected to it. You can then limit who can actually use the product via the application license groups and the “allowed to authenticate”.

 

The only way we have found so far to limit users getting to the apps is to have groups in AD/LDAP and then ingest in to Crowd using and LDAP filter that limits scope to just that set of users. 

 

Apart from having a giant list of users in the application that you likely don’t want to see, and if the possibility that there may be a performance hit by storing data that’s never used, is there a functional issue you’re trying to work around?

 

 

CCM 

0 votes
Bruno Vincent Community Leader Feb 27, 2018

Hi @Benjamin Brummer

'confluence-administrators' may not be in your list of 'Groups that can authenticate' but from Confluence's perspective, it is a special group, that's why its users actually consume licenses. You can also see that special behaviour in Confluence's Administration UI > Users & Security > Global Permissions > Licensed Users.

(BTW if it's important for you not to see all your Azure AD users and groups in Crowd's console and then in Confluence, you might want to take a look at the Office 365 Directory Connector for Crowd (ODCC) plugin that has options to filter Azure AD users and groups. Disclaimer: I work for the vendor of the ODCC plugin.)

We are migrating to azure ad and simply wanted to create all users and groups and than switch internal off. But we are reaching our license limit when we add users to azure groups for later use in atlassian applications.

 

Plan is now to change current usernames to be the same like the later ones used in azure, so applications should count them as same user.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Asked in Jira Service Management

JSM June ask me anything (AMA)

Hello Community members! We’re wrapping up the end of JSM June with an Ask Me Anything (AMA) with the Jira Service Management product team. This is your chance to ask all your ITSM questions to o...

238 views 12 14
View question

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you