Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

User direcotry and SSO with different groups

Edited

Hi,

we are currently using Crowd as a directory provider and a SSO IdP. Crowd itself uses mostly an internal LDAP for user information.

However, we also use local groups in crowd (managing groups via the LDAP is tedious). The groups are mainly used for authorization in Jira and Confluence.

The organization provides another IdP, integrated with several other internal and external services. I would like to use that SAML authentication. There are no additional users in Crowd, only additional groups.

I would like to know if authentication can be done by the IdP and authorization by the Crowd directory?

best regards,
Martin Bens

1 answer

Hi @Martin Bens 

Looking at the message, it seems you want to use Crowd as a User Directory to manage user's permission for JIRA and Confluence but want to delegate user authentication from Crowd to IDP via SAML. right?

If this is the case, you can easily achieve this requirement using the Crowd SAML SSO plugin and its connector add-ons for JIRA and Confluence.  Crowd SAML SSO plugin allows you to enable SAML SSO from IDP and using the SSO connector, any user accessing the application (JIRA or Confluence) gets redirected to IDP for authentication.

Here, all the SAML authentication requests and responses to and from IDP will go through the Crowd server. The user authentication will be done by the IDP and Crowd can still be used to manage user's permissions.

Let me know if you need more details on this or you can reach out to the miniOrange support for further assistance with the configuration.

Thanks and Regard,

Lokesh

PS: I work for miniOrange. One of the top SSO vendors in the Atlassian Marketplace.

Thx.

That might be exactly what we need. Do I need the premium plan or is the free plan sufficient?

Hi Martin,

In SAML, IDP sends the user information (username, email, etc) in the SAML Response which is used to identify SSO users by mapping the username of the user from IDP to Crowd. If IDP can send the user's Atlassian username (username in Crowd) in the NameID attribute of the SAML Response then the free plugin will work for you. 

But my recommendation is to move forward with the Premium plugin for advanced usability and security features.

Please note that the SSO connector add-on is not free but available for free TRIAL.

Thanks and Regard,

Lokesh

PS: I work for miniOrange. One of the top SSO vendors in the Atlassian Marketplace.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
4.2.2 (Data Center)
TAGS
Community showcase
Published in Jira

Admins, notify your Jira instance of system-wide changes with the new admin announcement banner

Hi All! We’re excited to share the launch of an announcement banner that lets Jira site administrators communicate directly to their users across Jira Cloud instance.   📢 Get y...

205 views 8 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you