Do I need Crowd?

Deleted user August 10, 2016

Do I need Crowd? We have several Atlassian-centric groups set up in AD. "Atlassian-Admins"; "Jira-Users"; "Confluence-Users", etc. These groups are the only ones connected to Crowd.

When we get a new employee or add a team mate to a project thus requiring access, they are added by the AD team to one of those groups above, then Crowd does it's thing and all is good.

I'm mainly asking this to provoke conversations. Why would I need Crowd? How would it benefit me in this situation. (other than SSO between Atlassian products - we use 4 Atlassian products). This isnt an anti Crowd question. I'm just genuinely curious.

Couldn't I simply hook up the AD groups to the apps directly, bypassing Crowd? 

If you have a similar set up, I'm interested to see how you're set up. TIA

3 answers

2 votes
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 11, 2016

Crowd has 3 main features:

  1. SSO
  2. Virtual directory (REST front-end, LDAP and other custom back-end directories
  3. User Interface for provisioning and administering users and groups in back-end directories

SSO is often considered as a must have but maybe you already have a corporate solution for this in your organisation (e.g. CAS, CA SiteMinder) that you want to integrate with your Atlassian Stack. If you don't, Crowd is a very good option to consider because it is a simple one. SSO solutions can often be difficult to integrate with your custom or non custom applications. Sometimes it can even take weeks before you get a working environment. Crowd can be installed and integrated in minutes. As any other solution, Crowd obviously reaches limits (for instance, Crowd SSO is limited to one single domain) but as a whole its simplicity is often an advantage in comparison with other solutions. Finally, if you really don't care about SSO, you can obviously integrate your applications with direct LDAP connections to your Active Directory.

Using Crowd as a virtual directory is a very valuable feature. The REST API makes it very easy to integrate your custom applications, without having to cope with the complexity of multiple directories in back-end. Since you only have one single directory (Active Directory), this might not sound very important to you. But there are situations where you need to have more than one directory. For instance, you might want to open your Jira service to external users but your IT security team forbids you to store these users in the corporate Active Directory. Maybe these users also need to comply with a different password policy than the default one in Active Directory.

The User Interface for provisioning users and groups is probably the less interesting one in your case. I guess that your AD administrators already have a provisioning interface for daily administration so the Crowd console won't be of any help. However in very small teams and organisations, the Crowd administrator might be a single person who is also in charge of provisioning the corporate LDAP server or Active Directory.

Rodrigo Bellotto Campacci September 25, 2020

Just to summarize: in a small company (~100 users) it is probably more cheaper to integrate Jira and Confluence directly to AD and put user/password some times. Confirm?

1 vote
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 10, 2016

Yes, SSO is the main functionality under offering here. Everything else can be done by directly hooking the apps to AD.

Crowd also allows internal directories, which can then become a separate common directory for all the Atlassian apps. Sounds like that is not a requirement for you.

0 votes
Tukaram Bhukya August 15, 2016

Please help me,

I have integrated JIRA with crowd but still it pops up for password and user name when I try to login jira.

Please some one can explain me about it.

 

Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 15, 2016

@Tukaram Bhukya,

That's probably because you haven't previously logged onto another Crowd integrated application (e.g. Confluence). Please read my answer to your other question: https://answers.atlassian.com/questions/39984070

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events