Hello,
I have set up Crowd, and have integrated this with Stash. I will be deploying and integrating Crowd with the other apps in the Atlassian Suite as well (Crucible, Jira, Confluence, Bamboo, a few custom apps, etc). Crowd will be used for SSO, 2FA, and to simplify managing users across the suite of apps.
I think it is relatively clear how to set up users/groups/permissions for the regular users. I am planning on a Directory for all company users, and groups to delegate permissions for authenticating with each app.
Here is where I get less certain, and where I would appreciate insights from your experience: What is a recommended setup for managing administrative access to each of these apps?
1) Should I ensure a Super Admin User exists in each app's Internal User Directory, and use this to configure the app if Crowd is unavailable?
2) How would I delegate administrative permissions (over each app, not Crowd) to Users in the Crowd User Directory?
Thanks!
Should I ensure a Super Admin User exists in each app's Internal User Directory, and use this to configure the app if Crowd is unavailable?
Yes. If you don't have this, when Crowd dies, you'll have a mess on your hands.
How would I delegate administrative permissions (over each app, not Crowd) to Users in the Crowd User Directory?
Crowd will sync the users to each of the applications. Users and groups in the app will be shown with the label of "Crowd User". They are just like any app user and group where you can use them in schemes.
If I have a user defined in an App's Internal User Directory, and another User with the same name in the Crowd directory, is there a _first match wins_ I need to be aware of?
On the second question, I'm not sure the answer provided is sufficiently clear, though I am having a difficult time coming up with a more nuanced version of the question. I will research some more first.
is there a _first match wins_ I need to be aware of?
If there are duplicate usernames, the order of your User Directory takes precedence.
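The precedence rule from the last reply, as an added example that is not part of the original thread: a small audit that takes user lists in the app's configured directory order and reports accounts shadowed by an earlier directory, including cases where the winning and shadowed entries disagree on admin group membership. The directory names, usernames, group names and the case-insensitive username comparison are assumptions made for illustration.

```python
# Added example: models "the order of your User Directory takes precedence".
# All directory names, usernames and groups are constructed sample data.

def resolve_users(directories):
    """directories: list of (directory_name, {username: set_of_groups}),
    listed in the order configured in the application.
    Returns (effective, shadowed): the entry that wins for each username,
    and every later entry hidden by an earlier directory."""
    effective, shadowed = {}, []
    for position, (dir_name, users) in enumerate(directories):
        for username, groups in users.items():
            key = username.strip().lower()  # assumption: case-insensitive match
            entry = {"username": key, "directory": dir_name,
                     "position": position, "groups": set(groups)}
            if key in effective:
                shadowed.append({"winner": effective[key], "hidden": entry})
            else:
                effective[key] = entry
    return effective, shadowed


def admin_mismatches(shadowed, admin_groups):
    """Return usernames whose winning and hidden entries differ in admin
    group membership; these are the collisions worth reviewing first."""
    admin_groups = set(admin_groups)
    flagged = []
    for pair in shadowed:
        winner_admin = bool(pair["winner"]["groups"] & admin_groups)
        hidden_admin = bool(pair["hidden"]["groups"] & admin_groups)
        if winner_admin != hidden_admin:
            flagged.append(pair["winner"]["username"])
    return sorted(flagged)


# Constructed sample: internal directory listed first, Crowd second.
SAMPLE_DIRECTORIES = [
    ("Internal", {"admin": {"app-administrators"},
                  "jsmith": {"app-users"},
                  "bkim": {"app-users"}}),
    ("Crowd", {"jsmith": {"app-users", "app-administrators"},
               "adoe": {"app-users"},
               "Admin": {"app-users"},
               "bkim": {"app-users"}}),
]

if __name__ == "__main__":
    effective, shadowed = resolve_users(SAMPLE_DIRECTORIES)
    for pair in shadowed:
        print(f'{pair["hidden"]["username"]}: {pair["winner"]["directory"]} '
              f'wins over {pair["hidden"]["directory"]}')
    print("review:", admin_mismatches(shadowed, {"app-administrators"}))
```

Feed it each application's real directory order and user exports to find name collisions before enabling the Crowd directory alongside a local break-glass admin account.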