Hi,
We have been using Crowd with an internal directory of users for SSO between JIRA, Confluence, Stash and Bamboo for the last few years.
We are now migrating over to using Microsoft Active Directory as our primary directory on Crowd. I have set up a stage environment to test, and have successfully created a new Microsoft Active Directory directory and imported all the relevant user and groups.
However the problem is that everyone will get new account for our applications as this is a new directory. Is it possible to either disable all the accounts in our old Crowd Internal Directory and link them to the new account in the Microsoft Active Directory? Or to merge the directory/accounts?
The end goal is that people who previously had an account in the Crowd internal directory would still be able to see all thier previous history/issues in JIRA/Confluence etc when we migrate over to the MS Active Directory.
Thanks in advance.
Ben
As long as the user name matches, you can just put the AD user directory on top of the internal user directory and everything should work fine.
Keep an eye on the permissions as the user groups will have to be either created in AD or aggregated from both directories.
Thanks - I didn't think it would be that simple! The usernames where slightly different between the directories - I have to manually re-name the users in the old directory, and sync all the apps with crowd before adding the AD user directory, to preserve the users' history.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, I must be doing something wrong them as I end up with a new user. Seems t hapen to a user that had a user name that did NOT match what was in AD. I tried renaming the user prior to importing from Crowd directory. But it didn't seem to help
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Jobin Kuruvilla [Adaptavist] could you please clarify where you're prioritizing the user directories? In Crowd you create an application and then add directories to the application. You can order the directories there, within Crowd, to prioritize them.
Then on the application side (i.e. JIRA) you add a user directory from Crowd, which is the "application" on the Crowd side. Here you can also order the directories to prioritize them.
I'm currently trying to figure out how to achieve the same thing that Ben was originally asking about. Do I setup my AD directory as a separate "application" in Crowd, and then add my internal Crowd and AD directories as separate User Directories in JIRA? Or do I add both directories to the same "application" in Crowd, and add that single entity as a User Directory to JIRA?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I figured out that the directory prioritization occurs within the 'Application' in Crowd. You don't need to add a new user directory on the application side, or even edit the existing Crowd user directory configuration on that end.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Kyle Rosier Thanks for the detail walkthrough, I have a question:
In step2, can I bulk add users to the group? I've tried import from CSV but I can not only import group membership file plus I have no permission to edit external AD.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I haven't used the CSV import functionality. When I added the AD user directory to Crowd, it pulled in all the users that way. I then created groups in Crowd (configured to not write back to AD) and added AD users (in Crowd) to those groups. I believe at that point I was able to add one or many users at a time to a group.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.