Crowd group mappings

Configuration:

  • Crowd server V3.1.3 connected to company active directory
  • groups not from active directory, but only in Crowd

In the directory I have configured several groups including confluence-users and confluence-administrator, but also groups named serverX-users.

Now when I configure an application running on serverX I can determine "Who can authenticate" (e.g. serverX-users) and I have a selection box for "Automatically assigned-to". I set this to confluence-users.

Now a user in serverX-users can login to the application on serverX, and I would have expected that he automatically is then assigned to the confluence-users group on serverX. However this is not the case?!

On the other hand an administrator on serverX sees the groups defined in Crowd and CAN DELETE them, not only on serverX, but also in Crowd?! He also can create groups which appear then in Crowd group management, too. Isn't it strange that the serverX administrator can change things on Crowd, but the Crowd administrator cannot assign a group membership on serverX?

I would like to know if I have a wrong understanding of group management in Crowd and the connected applications or if this behavior is a bug in V3.1.3?

BTW: I tried to find the answers in the documentation, but the screens for application/groups look very different there.

 

1 answer

0 votes

Hi Jean,

I understand users are not being added to the confluence-users group automatically upon login even though you configured the group under Automatically assigned to on the application's Directories & groups tab. I tested with Jira as my serverX application and when I logged into Jira with the test user, that user was added to confluence-users in both Crowd and Jira. My theory as to why that didn't work for you is that possibly the user had logged in before (the auto-add to group only works on first login). Please let me know:

  • Is this something you have seen consistently?
  • Can you reproduce it with a brand new test user from LDAP?
  • Are you using a Connector or Delegated LDAP connection to AD in Crowd?

If the application in Crowd and the User Directory in the serverX application are set for Read/Write access to the Directory in Crowd then it is expected that the administrator on serverX can make changes that are reflected in Crowd:

 

User Directory in Jira 7.8 and application setup in Crowd 3.1.3:

Screen Shot 2018-04-17 at 9.44.02 AM.png

Screen Shot 2018-04-17 at 9.57.33 AM.png

 

 

Thank you, Ann.

The part with the group editing by the serverX administrator is ok now. I hadn't noticed the permission settings in the application configuration.

However the group assignment for first login didn't work. We chose a user that has never been in contact with confluence and asked him to login. The login worked, but he got the screen with 'Not permitted'. He was only allowed to logout, because he did not get the confluence-users group.

We are using a Connector to LDAP.

It case it matters: the confluence version used for this test was V6.2.1.

Good news!

It works now, after I added the confluence-users group to the "default group memberships" in the directory's options tab and setting "synchronise group" to "every time a user logs in" in the directory's connector tab.

Ann Worley Atlassian Team Apr 19, 2018

That really is good news! Thanks for circling back to the thread.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Friday in Jira Service Desk

Are you a Jira Service Desk agent? We want to talk to you!

Are you a whiz at handling tickets and looking at how you can further optimize your workflow with automation? Do you tackle detailed customer support questions while simultaneously getting flooded wi...

153 views 0 8
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you