Community
Products
Crowd
Questions
Ideal setup for crowd and two confluence's

Ideal setup for crowd and two confluence's

I'm in the process of setting up another Confluence (ConfB). I validate users through my crowd-installation. I have users that need access to both the existing Confluence (ConfA) and ConfB - and more importantly, I have users (new-users) which will only be allowed on ConfB. They shouldn't even be able to login to ConfA.

I'm thinking about two solutions.

1) Create New-Users directly in ConfB. The old-users can gain access through integration with Crowd and new-users will have no rights on ConfA as they are not even i Crowd.

2) rename the "confluence-users" group in ConfB to ConfBUsers and give this group the global "Can Use" Put all the new users in Crowd and give them the group ConfBUsers. The old-users that need access I can also give the ConfBUsers group.

Are there any other (and better) solutions? Which solution will be the solution that is most "mainstream"?

1 answer

1 accepted

Hi @Henrik Mikkelsen

If I understand correctly, you have a Crowd instance where you host your users (in an internal directory) who can access ConfA. I believe that the simplest solution for you would be to:

create another application in Crowd - ConfB (apart for the one you already have ConfA)
create another internal directory in Crowd which will host new-users (users that can access only ConfB)
assign newly created directory, which hosts only new-users, to ConfB
assign old internal directory to ConfB - so users that can access ConfA can also access ConfB

Make sure that ConfA does not have directory with new-users assigned.

I assume that "old users" and "new-users" are completely different users. I believe it would be easier for you to maintain your users from one place, which is Crowd.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi @Marcin Kempa

An even better idea .

Are there any known challenges in having multiple internal directories? I'm thinking about stretching this idea even further and have some of my user groups having their own internal directory.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I am not aware of any know challenges. I assume you do not have any external user directory and you rely completely on Crowd?

Are you groups disjoint? I mean your users may only belong to one of those groups and not to two of them at the same time?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

No and yes.

I do have external directories in two forms:

My crowd adresses a couple of AD's where 75% of Old-Users are. (Delegated Authentication) The remaining Old-Users are in the default crowd Internal Directory.
In JSD all my customers are only in JIRA - and not in Crowd. I did this as i did not have enough licenses for Crowd. But I'm moving towards Unlimited - so there is probably no reason for that anymore.

Yes - at the moment at least the user groups are disjoint.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Suggest an answer

Crowd

Products

Interests

Groups

Community resources

Support

Ideal setup for crowd and two confluence's

1 answer

1 accepted

Suggest an answer

Maggie Roney

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Atlassian User Groups

Find my local user group

Groups near you