Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,467,410
Community Members
 
Community Events
177
Community Groups

Prevent G Suite login other than by AD bound machines

Being able to be signed in automatically after the user logs into a bound machine (win/mac) is great. What I'm wondering if Crowd can only allow users to login from a device that is AD bound. Effectively limiting a user to be able to login to G Suite only via trusted/known devices?

2 answers

It was your IWAAC solution that made me post this in fact. It might be worth getting in touch to discuss further and demo the solution. 

Sure! Feel free to drop us a line at support@cleito.com

0 votes

Hello @Steve Larsen

First of all, please allow me to make sure that I understand your context correctly. My understanding is that you want to use the Google Apps Connector that is shipped with Crowd to authenticate your Google Apps users on Crowd. In other words, when your unauthenticated users will hit a Google Apps page they will be redirected to Crowd's login page on which they will enter their Crowd username and password.

I also understand that you want to add Windows SSO on top of that, meaning that you want that Windows domains users don't need to enter any username and password when they are redirected to Crowd's login page. You will need a third-party plugin like IWAAC Kerberos SSO to achieve this (Important Disclaimer: I work for that plugin's vendor). You might want to take a look at our integration guide for G Suite / Google Apps.

Now, regarding your main and last question, the IWAAC plugin has options to enable/disable Windows SSO when users connect from specific IPs or from devices of specific types. For instance, you could tell the plugin to allow Windows SSO only for users connecting from a Mac/PC that has an IP in your internal domain network (e.g. 192.168.0.1/24).

I hope this does answer your question 🙂

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events