Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Suggestions for moving to Crowd SSO with Google Apps?

We currently have over 150 users set up on Google Apps. I want to implement an LDAP server with Crowd so that I have a centralised platform that can be used for Google authentication (SSO) plus Crowd/LDAP authentication with other platforms.

As I understand it, once I've enabled SSO on Google Apps, all login requests will be directed to Crowd. This would seem to make it quite difficult to test SSO/Crowd without affecting all users.

Also, once I've populated the LDAP directory, I need to get the users to set their desired passwords so that when SSO *is* turned on, they know what password to use.

Has anyone gone through a similar process and got suggestions to share on how best to tackle these issues?

Thanks.

2 answers

1 accepted

0 votes
Answer accepted

If a business is using Google Apps, they get their own URL which users must enter if they want the redirect to go off to Crowd. If users use the generic URL, e.g. www.gmail.com, they still get authorised by Google Accounts.

Also, it is possible to put a netmask into the SSO configuration on Google, ensuring that the redirect only happens if the user is on the correct network.

Reading this question:

https://answers.atlassian.com/questions/29680/crowd-sso-with-google-apps-assistance

it looks, from one of the answers, as if users can actually override the SSO process and continue to log in with the Google authentication?

"Please note that as long as users' passwords are synced between your LDAP system and Google, users can bypass the SSO login system by signing in directly to Google."

If that is the case, it would seem that I can:

a) populate LDAP and get staff to start setting their passwords.

b) set up SSO on Google and tell staff not to use it. I think I could even enforce that by using the Crowd settings to restrict who is allowed to log in via SSO.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

307 views 9 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you