Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Crowd group mappings

Deleted user April 17, 2018


  • Crowd server V3.1.3 connected to company active directory
  • groups not from active directory, but only in Crowd

In the directory I have configured several groups including confluence-users and confluence-administrator, but also groups named serverX-users.

Now when I configure an application running on serverX I can determine "Who can authenticate" (e.g. serverX-users) and I have a selection box for "Automatically assigned-to". I set this to confluence-users.

Now a user in serverX-users can login to the application on serverX, and I would have expected that he automatically is then assigned to the confluence-users group on serverX. However this is not the case?!

On the other hand an administrator on serverX sees the groups defined in Crowd and CAN DELETE them, not only on serverX, but also in Crowd?! He also can create groups which appear then in Crowd group management, too. Isn't it strange that the serverX administrator can change things on Crowd, but the Crowd administrator cannot assign a group membership on serverX?

I would like to know if I have a wrong understanding of group management in Crowd and the connected applications or if this behavior is a bug in V3.1.3?

BTW: I tried to find the answers in the documentation, but the screens for application/groups look very different there.


1 answer

0 votes
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 17, 2018

Hi Jean,

I understand users are not being added to the confluence-users group automatically upon login even though you configured the group under Automatically assigned to on the application's Directories & groups tab. I tested with Jira as my serverX application and when I logged into Jira with the test user, that user was added to confluence-users in both Crowd and Jira. My theory as to why that didn't work for you is that possibly the user had logged in before (the auto-add to group only works on first login). Please let me know:

  • Is this something you have seen consistently?
  • Can you reproduce it with a brand new test user from LDAP?
  • Are you using a Connector or Delegated LDAP connection to AD in Crowd?

If the application in Crowd and the User Directory in the serverX application are set for Read/Write access to the Directory in Crowd then it is expected that the administrator on serverX can make changes that are reflected in Crowd:


User Directory in Jira 7.8 and application setup in Crowd 3.1.3:

Screen Shot 2018-04-17 at 9.44.02 AM.png

Screen Shot 2018-04-17 at 9.57.33 AM.png



Deleted user April 18, 2018

Thank you, Ann.

The part with the group editing by the serverX administrator is ok now. I hadn't noticed the permission settings in the application configuration.

However the group assignment for first login didn't work. We chose a user that has never been in contact with confluence and asked him to login. The login worked, but he got the screen with 'Not permitted'. He was only allowed to logout, because he did not get the confluence-users group.

We are using a Connector to LDAP.

It case it matters: the confluence version used for this test was V6.2.1.

Deleted user April 18, 2018

Good news!

It works now, after I added the confluence-users group to the "default group memberships" in the directory's options tab and setting "synchronise group" to "every time a user logs in" in the directory's connector tab.

Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 19, 2018

That really is good news! Thanks for circling back to the thread.

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events