In the directory I have configured several groups including confluence-users and confluence-administrator, but also groups named serverX-users.
Now when I configure an application running on serverX I can determine "Who can authenticate" (e.g. serverX-users) and I have a selection box for "Automatically assigned-to". I set this to confluence-users.
Now a user in serverX-users can login to the application on serverX, and I would have expected that he automatically is then assigned to the confluence-users group on serverX. However this is not the case?!
On the other hand an administrator on serverX sees the groups defined in Crowd and CAN DELETE them, not only on serverX, but also in Crowd?! He also can create groups which appear then in Crowd group management, too. Isn't it strange that the serverX administrator can change things on Crowd, but the Crowd administrator cannot assign a group membership on serverX?
I would like to know if I have a wrong understanding of group management in Crowd and the connected applications or if this behavior is a bug in V3.1.3?
BTW: I tried to find the answers in the documentation, but the screens for application/groups look very different there.
I understand users are not being added to the confluence-users group automatically upon login even though you configured the group under Automatically assigned to on the application's Directories & groups tab. I tested with Jira as my serverX application and when I logged into Jira with the test user, that user was added to confluence-users in both Crowd and Jira. My theory as to why that didn't work for you is that possibly the user had logged in before (the auto-add to group only works on first login). Please let me know:
If the application in Crowd and the User Directory in the serverX application are set for Read/Write access to the Directory in Crowd then it is expected that the administrator on serverX can make changes that are reflected in Crowd:
User Directory in Jira 7.8 and application setup in Crowd 3.1.3:
Thank you, Ann.
The part with the group editing by the serverX administrator is ok now. I hadn't noticed the permission settings in the application configuration.
However the group assignment for first login didn't work. We chose a user that has never been in contact with confluence and asked him to login. The login worked, but he got the screen with 'Not permitted'. He was only allowed to logout, because he did not get the confluence-users group.
We are using a Connector to LDAP.
It case it matters: the confluence version used for this test was V6.2.1.
It works now, after I added the confluence-users group to the "default group memberships" in the directory's options tab and setting "synchronise group" to "every time a user logs in" in the directory's connector tab.
For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events