Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,467,388
Community Members
 
Community Events
177
Community Groups

Crowd group mappings

Deleted user Apr 17, 2018

Configuration:

  • Crowd server V3.1.3 connected to company active directory
  • groups not from active directory, but only in Crowd

In the directory I have configured several groups including confluence-users and confluence-administrator, but also groups named serverX-users.

Now when I configure an application running on serverX I can determine "Who can authenticate" (e.g. serverX-users) and I have a selection box for "Automatically assigned-to". I set this to confluence-users.

Now a user in serverX-users can login to the application on serverX, and I would have expected that he automatically is then assigned to the confluence-users group on serverX. However this is not the case?!

On the other hand an administrator on serverX sees the groups defined in Crowd and CAN DELETE them, not only on serverX, but also in Crowd?! He also can create groups which appear then in Crowd group management, too. Isn't it strange that the serverX administrator can change things on Crowd, but the Crowd administrator cannot assign a group membership on serverX?

I would like to know if I have a wrong understanding of group management in Crowd and the connected applications or if this behavior is a bug in V3.1.3?

BTW: I tried to find the answers in the documentation, but the screens for application/groups look very different there.

 

1 answer

0 votes

Hi Jean,

I understand users are not being added to the confluence-users group automatically upon login even though you configured the group under Automatically assigned to on the application's Directories & groups tab. I tested with Jira as my serverX application and when I logged into Jira with the test user, that user was added to confluence-users in both Crowd and Jira. My theory as to why that didn't work for you is that possibly the user had logged in before (the auto-add to group only works on first login). Please let me know:

  • Is this something you have seen consistently?
  • Can you reproduce it with a brand new test user from LDAP?
  • Are you using a Connector or Delegated LDAP connection to AD in Crowd?

If the application in Crowd and the User Directory in the serverX application are set for Read/Write access to the Directory in Crowd then it is expected that the administrator on serverX can make changes that are reflected in Crowd:

 

User Directory in Jira 7.8 and application setup in Crowd 3.1.3:

Screen Shot 2018-04-17 at 9.44.02 AM.png

Screen Shot 2018-04-17 at 9.57.33 AM.png

 

 

Deleted user Apr 18, 2018

Thank you, Ann.

The part with the group editing by the serverX administrator is ok now. I hadn't noticed the permission settings in the application configuration.

However the group assignment for first login didn't work. We chose a user that has never been in contact with confluence and asked him to login. The login worked, but he got the screen with 'Not permitted'. He was only allowed to logout, because he did not get the confluence-users group.

We are using a Connector to LDAP.

It case it matters: the confluence version used for this test was V6.2.1.

Deleted user Apr 18, 2018

Good news!

It works now, after I added the confluence-users group to the "default group memberships" in the directory's options tab and setting "synchronise group" to "every time a user logs in" in the directory's connector tab.

AnnWorley Atlassian Team Apr 19, 2018

That really is good news! Thanks for circling back to the thread.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events