Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,458,198
Community Members
 
Community Events
176
Community Groups

Suggestions for moving to Crowd SSO with Google Apps?

We currently have over 150 users set up on Google Apps. I want to implement an LDAP server with Crowd so that I have a centralised platform that can be used for Google authentication (SSO) plus Crowd/LDAP authentication with other platforms.

As I understand it, once I've enabled SSO on Google Apps, all login requests will be directed to Crowd. This would seem to make it quite difficult to test SSO/Crowd without affecting all users.

Also, once I've populated the LDAP directory, I need to get the users to set their desired passwords so that when SSO *is* turned on, they know what password to use.

Has anyone gone through a similar process and got suggestions to share on how best to tackle these issues?

Thanks.

2 answers

1 accepted

0 votes
Answer accepted

If a business is using Google Apps, they get their own URL which users must enter if they want the redirect to go off to Crowd. If users use the generic URL, e.g. www.gmail.com, they still get authorised by Google Accounts.

Also, it is possible to put a netmask into the SSO configuration on Google, ensuring that the redirect only happens if the user is on the correct network.

0 votes

Reading this question:

https://answers.atlassian.com/questions/29680/crowd-sso-with-google-apps-assistance

it looks, from one of the answers, as if users can actually override the SSO process and continue to log in with the Google authentication?

"Please note that as long as users' passwords are synced between your LDAP system and Google, users can bypass the SSO login system by signing in directly to Google."

If that is the case, it would seem that I can:

a) populate LDAP and get staff to start setting their passwords.

b) set up SSO on Google and tell staff not to use it. I think I could even enforce that by using the Crowd settings to restrict who is allowed to log in via SSO.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events