User directory and SSO with different groups

Hi,

We are currently using Crowd as a directory provider and an SSO IdP. Crowd itself uses mostly an internal LDAP for user information.

However, we also use local groups in Crowd (managing groups via the LDAP is tedious). The groups are mainly used for authorization in Jira and Confluence.

The organization provides another IdP, integrated with several other internal and external services. I would like to use that SAML authentication. There are no additional users in Crowd, only additional groups.

I would like to know if authentication can be done by the IdP and authorization by the Crowd directory?

best regards,
Martin Bens

1 answer

0 votes

Hi @Martin Bens 

Looking at the message, it seems you want to use Crowd as a User Directory to manage users' permissions for JIRA and Confluence but want to delegate user authentication from Crowd to the IDP via SAML, right?

If this is the case, you can easily achieve this requirement using the Crowd SAML SSO plugin and its connector add-ons for JIRA and Confluence. The Crowd SAML SSO plugin allows you to enable SAML SSO from the IDP and, using the SSO connector, any user accessing the application (JIRA or Confluence) gets redirected to the IDP for authentication.

Here, all the SAML authentication requests and responses to and from the IDP will go through the Crowd server. The user authentication will be done by the IDP and Crowd can still be used to manage users' permissions.

Let me know if you need more details on this or you can reach out to the miniOrange support for further assistance with the configuration.

Thanks and Regards,

Lokesh

PS: I work for miniOrange, one of the top SSO vendors in the Atlassian Marketplace.

Thx.

That might be exactly what we need. Do I need the premium plan or is the free plan sufficient?

Hi Martin,

In SAML, the IDP sends the user information (username, email, etc.) in the SAML Response, which is used to identify SSO users by mapping the username of the user from the IDP to Crowd. If the IDP can send the user's Atlassian username (username in Crowd) in the NameID attribute of the SAML Response, then the free plugin will work for you.

But my recommendation is to move forward with the Premium plugin for advanced usability and security features.

Please note that the SSO connector add-on is not free but available for free TRIAL.

Thanks and Regards,

Lokesh

PS: I work for miniOrange, one of the top SSO vendors in the Atlassian Marketplace.
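
The split discussed in this thread (the IdP authenticates, the directory authorizes), as an added example that is not part of the original posts and is not miniOrange or Atlassian code: it maps the NameID of a SAML assertion to a directory username and takes groups only from the directory. The assertion, the `DIRECTORY` dict standing in for Crowd, the URL and the function name are constructed for illustration, and signature verification is assumed to have been done by a SAML library beforehand.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed stand-in for the Crowd directory: username -> locally managed groups.
DIRECTORY = {"mbens": {"jira-users", "confluence-admins"}}
# Constructed assertion. A real one is signed, and the signature is assumed to
# have been verified by a SAML library before this code sees it.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>mbens</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://crowd.example.test/sp</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>jira-administrators</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def resolve_groups(assertion_xml, expected_audience, now=None):
    """Return (username, groups) for a verified assertion or raise PermissionError."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(assertion_xml)
    cond = root.find("saml:Conditions", NS)
    expiry = cond.get("NotOnOrAfter") if cond is not None else None
    if expiry is None:
        raise PermissionError("assertion has no expiry condition")
    if now >= datetime.fromisoformat(expiry.replace("Z", "+00:00")):
        raise PermissionError("assertion expired")
    audiences = {(a.text or "").strip() for a in cond.iterfind(".//saml:Audience", NS)}
    if expected_audience not in audiences:
        raise PermissionError("assertion issued for a different service provider")
    name_id = root.find("saml:Subject/saml:NameID", NS)
    username = "".join(name_id.itertext()).strip() if name_id is not None else ""
    # Exact match against the directory: unknown users are rejected, not created.
    if username not in DIRECTORY:
        raise PermissionError("NameID does not map to a directory user")
    # Groups come only from the directory; the IdP's "groups" attribute is ignored.
    return username, set(DIRECTORY[username])

if __name__ == "__main__":
    print(resolve_groups(SAMPLE_ASSERTION, "https://crowd.example.test/sp"))
```

The sample assertion carries a `groups` attribute claiming `jira-administrators`; because authorization is read from the directory alone, that claim has no effect on the returned groups.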

Deployment type: Server
Version: 4.2.2 (Data Center)