User directory and SSO with different groups

Martin Bens
I'm New Here
February 9, 2021

Hi,

We are currently using Crowd as a directory provider and an SSO IdP. Crowd itself uses mostly an internal LDAP for user information.

However, we also use local groups in Crowd (managing groups via the LDAP is tedious). The groups are mainly used for authorization in Jira and Confluence.

The organization provides another IdP, integrated with several other internal and external services. I would like to use that SAML authentication. There are no additional users in Crowd, only additional groups.

I would like to know if authentication can be done by the IdP and authorization by the Crowd directory?

best regards,
Martin Bens

1 answer

0 votes
Lokesh Naktode_miniOrange
Marketplace Partner
February 10, 2021

Hi @Martin Bens 

Looking at the message, it seems you want to use Crowd as a User Directory to manage users' permissions for JIRA and Confluence but want to delegate user authentication from Crowd to the IDP via SAML, right?

If this is the case, you can easily achieve this requirement using the Crowd SAML SSO plugin and its connector add-ons for JIRA and Confluence. The Crowd SAML SSO plugin allows you to enable SAML SSO from the IDP, and using the SSO connector, any user accessing the application (JIRA or Confluence) gets redirected to the IDP for authentication.

Here, all the SAML authentication requests and responses to and from the IDP will go through the Crowd server. The user authentication will be done by the IDP and Crowd can still be used to manage users' permissions.

Let me know if you need more details on this or you can reach out to the miniOrange support for further assistance with the configuration.

Thanks and Regards,

Lokesh

PS: I work for miniOrange, one of the top SSO vendors in the Atlassian Marketplace.

Martin Bens
February 10, 2021

Thx.

That might be exactly what we need. Do I need the premium plan or is the free plan sufficient?

Lokesh Naktode_miniOrange
February 10, 2021

Hi Martin,

In SAML, the IDP sends the user information (username, email, etc.) in the SAML Response, which is used to identify SSO users by mapping the username of the user from the IDP to Crowd. If the IDP can send the user's Atlassian username (username in Crowd) in the NameID attribute of the SAML Response, then the free plugin will work for you.

But my recommendation is to move forward with the Premium plugin for advanced usability and security features.

Please note that the SSO connector add-on is not free but is available as a free trial.

Thanks and Regards,

Lokesh

PS: I work for miniOrange, one of the top SSO vendors in the Atlassian Marketplace.
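
The NameID-to-Crowd-username mapping described in the reply above, as an added example that is not part of the thread and not miniOrange's or Atlassian's code. It assumes the SAML library has already verified the response's signature and conditions; `CROWD_DIRECTORY`, the function names, the sample response and the usernames are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed stand-in for the Crowd directory: username -> local groups.
CROWD_DIRECTORY = {
    "mbens": {"jira-software-users", "confluence-users"},
    "asmith": {"jira-software-users"},
}

# Constructed SAML Response, trimmed to the elements used here.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>mbens</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


class SsoMappingError(Exception):
    """Raised when the asserted identity cannot be mapped to one directory user."""


def name_id_from_response(xml_text):
    """Return the NameID of a response whose signature was already verified."""
    root = ET.fromstring(xml_text)
    # Require exactly one assertion and one NameID so the mapping is unambiguous.
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise SsoMappingError("expected exactly one Assertion")
    name_ids = assertions[0].findall("saml:Subject/saml:NameID", NS)
    if len(name_ids) != 1 or not (name_ids[0].text or "").strip():
        raise SsoMappingError("expected exactly one non-empty NameID")
    return name_ids[0].text.strip()


def authorize(xml_text, directory=CROWD_DIRECTORY):
    """Authentication comes from the IdP's NameID, authorization from directory groups."""
    username = name_id_from_response(xml_text)
    # Exact match only: no auto-provisioning and no fallback to e-mail matching.
    if username not in directory:
        raise SsoMappingError(f"NameID {username!r} has no directory user")
    return username, directory[username]
```

A NameID that does not match a directory username exactly is rejected rather than mapped to a default set of groups, so group membership stays controlled by the directory alone.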

Deployment type: Server
Version: 4.2.2 (Data Center)