Prevent users from Crowd to be users in JIRA or Confluence


We use Crowd with a single user directory to control user access to JIRA and Confluence. The problem is that all users in the directory, even if they do not have access to the corresponding application, are visible in JIRA and Confluence and do count against the license limit.

How can we define access to Confluence or JIRA within Crowd for certain groups and not for others? Is the only way to do that having different directories?


Best regards


1 answer

0 votes
AnnWorley Atlassian Team Sep 25, 2017

You can definitely limit which groups can access Jira and Confluence from Crowd. Click on the Application in Crowd, click the Directories tab and choose False under Allow all to authenticate. Then go to the Groups tab and limit access to the groups you want.

Here are more details on how this works: Specifying which Groups can access an Application and Mapping a Directory to an Application

I understand how to enable a group for a specific application, and I have set "allow all" to false for any application (except Crowd).
My problem is that all users are visible in all applications: it seems that all groups defined within Crowd are propagated to all applications, even though they are not allowed to authenticate.

We are using version 2.10 of Crowd and have connected 2 JIRA instances, 1 Confluence and 1 Bitbucket instance.

AnnWorley Atlassian Team Sep 25, 2017

I misunderstood the question. It sounds like there are two issues: one is that the users are visible in the applications that they don't use, and the second is that they take up licenses.

To keep the users from showing up in the wrong applications you could set up different Directories for each application in Crowd. However, if you want to use Single Sign-on at some point you will need to use the same directory for all the applications. It seems like if the users don't take up a license it will be ok that they are listed in the user management consoles.

The license counts in Jira, Bitbucket and Confluence depend on Global permissions, so you can control which users take up a license by setting permissions:


Users with any of the following Global Permissions and an Active status will count towards the license:
JIRA applications System Administrators
JIRA applications Administrators
JIRA applications Users


Global Permission
Can Use
This is the most basic permission that allows users to access the site.
Users with this permission count towards the number of users allowed by your license.


User accounts that have not been assigned "Bitbucket Server User" permission or higher, either directly or through group membership, will not be able to log in to Bitbucket Server. These users are considered unlicensed and do not count towards your Bitbucket Server license limit.

Thank you for your quick answer. I set up a separate directory for all external people, so I can to some extent limit access and license count.

However, I do not understand why all groups in a directory are propagated to all connected applications. In my opinion propagation should be limited to those groups assigned to an application.

AnnWorley Atlassian Team Sep 25, 2017

I am happy to hear you found a workaround for your setup.

Judging by the comments on Improvement for Crowd to have selectable group sync it looks like the reason all groups from the directory are synchronized to the applications is:

...keeping memberships common across the applications is simpler and allows for groups like developers that have common cross-application behaviour.

lpater Atlassian Team Sep 26, 2017

For context there is an open feature request for limiting the users visible to the application to only those that can authenticate here:

Currently a workaround is to configure directories with the right users, and then attach them to the correct applications (which sounds pretty close to what you ended up with).
