Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Suggestions for moving to Crowd SSO with Google Apps?

Philip Colmer
Philip Colmer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 10, 2012

We currently have over 150 users set up on Google Apps. I want to implement an LDAP server with Crowd so that I have a centralised platform that can be used for Google authentication (SSO) plus Crowd/LDAP authentication with other platforms.

As I understand it, once I've enabled SSO on Google Apps, all login requests will be directed to Crowd. This would seem to make it quite difficult to test SSO/Crowd without affecting all users.

Also, once I've populated the LDAP directory, I need to get the users to set their desired passwords so that when SSO *is* turned on, they know what password to use.

Has anyone gone through a similar process and got suggestions to share on how best to tackle these issues?

Thanks.

Answer
Watch
Like Be the first to like this
789 views

2 answers

1 accepted

0 votes
Answer accepted
Philip Colmer
Philip Colmer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 3, 2013

If a business is using Google Apps, they get their own URL which users must enter if they want the redirect to go off to Crowd. If users use the generic URL, e.g. www.gmail.com, they still get authorised by Google Accounts.

Also, it is possible to put a netmask into the SSO configuration on Google, ensuring that the redirect only happens if the user is on the correct network.

Reply
0 votes
Philip Colmer
Philip Colmer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 10, 2012

Reading this question:

https://answers.atlassian.com/questions/29680/crowd-sso-with-google-apps-assistance

it looks, from one of the answers, as if users can actually override the SSO process and continue to log in with the Google authentication?

"Please note that as long as users' passwords are synced between your LDAP system and Google, users can bypass the SSO login system by signing in directly to Google."

If that is the case, it would seem that I can:

a) populate LDAP and get staff to start setting their passwords.

b) set up SSO on Google and tell staff not to use it. I think I could even enforce that by using the Crowd settings to restrict who is allowed to log in via SSO.

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events