Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Ideal setup for crowd and two confluence's

Henrik Mikkelsen
Henrik Mikkelsen May 31, 2016

I'm in the process of setting up another Confluence (ConfB). I validate users through my crowd-installation. I have users that need access to both the existing Confluence (ConfA) and ConfB - and more importantly, I have users (new-users) which will only be allowed on ConfB. They shouldn't even be able to login to ConfA.

I'm thinking about two solutions.

1) Create New-Users directly in ConfB. The old-users can gain access through integration with Crowd and new-users will have no rights on ConfA as they are not even i Crowd.

2) rename the "confluence-users" group in ConfB to ConfBUsers and give this group the global "Can Use" Put all the new users in Crowd and give them the group ConfBUsers. The old-users that need access I can also give the ConfBUsers group.

 

Are there any other (and better) solutions? Which solution will be the solution that is most "mainstream"?

Answer
Watch
Like lpater likes this
447 views

1 answer

1 accepted

1 vote
Answer accepted
Marcin Kempa
Marcin Kempa
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 31, 2016

Hi @Henrik Mikkelsen

If I understand correctly, you have a Crowd instance where you host your users (in an internal directory) who can access ConfA. I believe that the simplest solution for you would be to:

  • create another application in Crowd - ConfB (apart for the one you already have ConfA)
  • create another internal directory in Crowd which will host new-users (users that can access only ConfB)
  • assign newly created directory, which hosts only new-users, to ConfB
  • assign old internal directory to ConfB - so users that can access ConfA can also access ConfB

Make sure that ConfA does not have directory with new-users assigned.

I assume that "old users" and "new-users" are completely different users. I believe it would be easier for you to maintain your users from one place, which is Crowd.

View More Comments
Henrik Mikkelsen
Henrik Mikkelsen June 1, 2016

Hi @Marcin Kempa

An even better idea smile.

Are there any known challenges in having multiple internal directories? I'm thinking about stretching this idea even further and have some of my user groups having their own internal directory.

Like
Marcin Kempa
Marcin Kempa
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 1, 2016

I am not aware of any know challenges. I assume you do not have any external user directory and you rely completely on Crowd?

Are you groups disjoint? I mean your users may only belong to one of those groups and not to two of them at the same time?

Like
Henrik Mikkelsen
Henrik Mikkelsen June 1, 2016

No and yes.

I do have external directories in two forms:

  • My crowd adresses a couple of AD's where 75% of Old-Users are. (Delegated Authentication) The remaining Old-Users are in the default crowd Internal Directory.
  • In JSD all my customers are only in JIRA - and not in Crowd. I did this as i did not have enough licenses for Crowd. But I'm moving towards Unlimited - so there is probably no reason for that anymore.

Yes - at the moment at least the user groups are disjoint. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events