Do I need Crowd? We have several Atlassian-centric groups set up in AD. "Atlassian-Admins"; "Jira-Users"; "Confluence-Users", etc. These groups are the only ones connected to Crowd.
When we get a new employee or add a team mate to a project thus requiring access, they are added by the AD team to one of those groups above, then Crowd does it's thing and all is good.
I'm mainly asking this to provoke conversations. Why would I need Crowd? How would it benefit me in this situation. (other than SSO between Atlassian products - we use 4 Atlassian products). This isnt an anti Crowd question. I'm just genuinely curious.
Couldn't I simply hook up the AD groups to the apps directly, bypassing Crowd?
If you have a similar set up, I'm interested to see how you're set up. TIA
Crowd has 3 main features:
SSO is often considered as a must have but maybe you already have a corporate solution for this in your organisation (e.g. CAS, CA SiteMinder) that you want to integrate with your Atlassian Stack. If you don't, Crowd is a very good option to consider because it is a simple one. SSO solutions can often be difficult to integrate with your custom or non custom applications. Sometimes it can even take weeks before you get a working environment. Crowd can be installed and integrated in minutes. As any other solution, Crowd obviously reaches limits (for instance, Crowd SSO is limited to one single domain) but as a whole its simplicity is often an advantage in comparison with other solutions. Finally, if you really don't care about SSO, you can obviously integrate your applications with direct LDAP connections to your Active Directory.
Using Crowd as a virtual directory is a very valuable feature. The REST API makes it very easy to integrate your custom applications, without having to cope with the complexity of multiple directories in back-end. Since you only have one single directory (Active Directory), this might not sound very important to you. But there are situations where you need to have more than one directory. For instance, you might want to open your Jira service to external users but your IT security team forbids you to store these users in the corporate Active Directory. Maybe these users also need to comply with a different password policy than the default one in Active Directory.
The User Interface for provisioning users and groups is probably the less interesting one in your case. I guess that your AD administrators already have a provisioning interface for daily administration so the Crowd console won't be of any help. However in very small teams and organisations, the Crowd administrator might be a single person who is also in charge of provisioning the corporate LDAP server or Active Directory.
Yes, SSO is the main functionality under offering here. Everything else can be done by directly hooking the apps to AD.
Crowd also allows internal directories, which can then become a separate common directory for all the Atlassian apps. Sounds like that is not a requirement for you.