Ideal setup for crowd and two confluence's

I'm in the process of setting up another Confluence (ConfB). I validate users through my crowd-installation. I have users that need access to both the existing Confluence (ConfA) and ConfB - and more importantly, I have users (new-users) which will only be allowed on ConfB. They shouldn't even be able to login to ConfA.

I'm thinking about two solutions.

1) Create New-Users directly in ConfB. The old-users can gain access through integration with Crowd and new-users will have no rights on ConfA as they are not even i Crowd.

2) rename the "confluence-users" group in ConfB to ConfBUsers and give this group the global "Can Use" Put all the new users in Crowd and give them the group ConfBUsers. The old-users that need access I can also give the ConfBUsers group.

 

Are there any other (and better) solutions? Which solution will be the solution that is most "mainstream"?

1 answer

1 accepted

1 vote
Marcin Kempa Atlassian Team May 31, 2016

Hi @Henrik Mikkelsen

If I understand correctly, you have a Crowd instance where you host your users (in an internal directory) who can access ConfA. I believe that the simplest solution for you would be to:

  • create another application in Crowd - ConfB (apart for the one you already have ConfA)
  • create another internal directory in Crowd which will host new-users (users that can access only ConfB)
  • assign newly created directory, which hosts only new-users, to ConfB
  • assign old internal directory to ConfB - so users that can access ConfA can also access ConfB

Make sure that ConfA does not have directory with new-users assigned.

I assume that "old users" and "new-users" are completely different users. I believe it would be easier for you to maintain your users from one place, which is Crowd.

Hi @Marcin Kempa

An even better idea smile.

Are there any known challenges in having multiple internal directories? I'm thinking about stretching this idea even further and have some of my user groups having their own internal directory.

Marcin Kempa Atlassian Team Jun 01, 2016

I am not aware of any know challenges. I assume you do not have any external user directory and you rely completely on Crowd?

Are you groups disjoint? I mean your users may only belong to one of those groups and not to two of them at the same time?

No and yes.

I do have external directories in two forms:

  • My crowd adresses a couple of AD's where 75% of Old-Users are. (Delegated Authentication) The remaining Old-Users are in the default crowd Internal Directory.
  • In JSD all my customers are only in JIRA - and not in Crowd. I did this as i did not have enough licenses for Crowd. But I'm moving towards Unlimited - so there is probably no reason for that anymore.

Yes - at the moment at least the user groups are disjoint. 

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Maggie Roney
Published Feb 27, 2018 in Crowd

The Crowd team is looking for feedback on Server & Data Center customers' identity strategies!

Do you own more than one Server or Data Center product? Do you have challenges provisioning users across your Atlassian products? Are you spending a lot of time integrating each Atlassian product wit...

576 views 6 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you