Configuring Crowd for JIRA, Stash and Confluence and migration

We already have JIRA, Stash, and Confluence installed and have been using them for some time.  Each currently has a "Delegated LDAP" directory that authenticates via Active Directory.  They all automatically create the user and adds them to the appropriate jira-users, stash-users, confluence-users group respectively at first log on.  Not all users use all three apps but there is considerable overlap between the sets of users in each.  We also have a number of additional groups that associate users with geographic locations (countries), product teams, etc.  Groups that are used across all products are named the same in each app, and unique group names are used if they are only applicable to users of the particular app.

We are installing Crowd and my understanding is that it is better to use a single directory in Crowd (ours will be Delegated LDAP) so that we do not have duplicate users across three individual directories.  We want to migrate to Crowd with hopefully no impact on the user community.  I cannot find any document that discusses this scenario so I have questions:

  1. Is the single directory approach the preferred method?
  2. Can I migrate the users from all three apps into a single Crowd Delegated LDAP directory?  Any problems I should watch out for?  Special tricks?
  3. Will the groups also be migrated? Keeping the existing group memberships is essential since not every user has an account on all three apps so we need to maintain the memberships for the license counts. 
  4. Once we convert to Crowd and each app is using the common Crowd directory instead of its own Delegated LDAP directory, do we need to keep the groups defined in the apps as well as in Crowd, or should they be defined in the apps instead of in Crowd, or can we put some in one place and some in others depending on whether they are used across all three apps or unique to a specific app.  In other words the workings of groups and directories and related best practices are not clear to us, especially with multiple apps sharing the same directory.  For example in JIRA we currently have a JIRA Internal directory and a Delegated LDAP directory.  When we create a group in JIRA, there are two rows created in the cwd_group table, one for each of the directories (so the group "exists" in both directories).  After the conversion, if we create a group in JIRA (assuming we still can), will it exist in the internal directory and the Crowd directory and will we see it in the UI in both JIRA and Crowd?  A more detailed discussion of the theory and logic behind how this works would be most helpful.

I know this is a big ask, but my searches haven't turned up much in the way of information or guidance for multiple app migration and I really don't want to break our existing tools.

 

 

2 answers

0 vote

Hi James, 

Let me clarify your questions. Additionally I suggest you to try Crowd in an test environment so you can understand better the options I’m mention below.  

1- Crowd have options to add Directories (Active Directory, OpenLDAP, etc). If you have only one Active Directory on your network, then you don’t need to create multiple directories. However, once you have a directory on Crowd, you will add your applications on the Applications Tab. In this tab, you will add an application for JIRA, a new one to Stash and another one to Confluence. You cannot put JIRA, Stash and Confluence on the same Application. When you hit on the option Add Application, you will see that you have options for all Atlassian products. 

2 - You should be able to import users without problems. On Crowd you have in the Users Tab, the option Import Users which I believe is what you are looking for. 

3 - Yes, on the Import Users Tab you also should be able to migrate the groups from your Active directory. 

4 - You can have configured a delegated directory and an internal directory to an application, for instance, Confluence. You can manage your groups and on the Application Tab choosing what group will be related to each application.

In this link you can an example how Crowd directory works.  In Crowd Admin guide you can find additional information.

 

I hope it helps.

 

Regards, 

Renato Rudnicki

Thank you Renato for your response.

#2 I am still curious if anyone has any experience with importing multiple applications into the same Crowd directory.  One problem I see is that Stash is not one of the applications that the Atlassian importer supports.  Since Stash has the same embedded Crowd database tables, Do I import as though it was JIRA or some other application?

#4 I could still use more information on the relationship of groups and where and how they are maintained. 

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

1,209 views 6 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you