I am looking for community advice on how best to integrate existing on-prem Confluence and Jira Software with ADFS.
Currently, each application connects directly to an LDAP user directory (Active Directory). The vast majority of our users are AD users (99%), and practically all permissions and access rights are assigned via membership in AD groups. Overall, we have over 1000 users and groups in AD that are used by Confluence and Jira (space/project permissions, third-party add-on permissions and such).
Both Confluence and Jira have a regular Server license (not DC), so there is no direct way to integrate with a SAML based IdP such as ADFS.
According to a diagram in this document here, using Atlassian Crowd might be a solution to overcome that limitation (scroll down to "using Atlassian Crowd ... with Active Directory Federation Services"), however the document doesn’t give any further details.
I have deployed a new Crowd instance, but it's not yet connected to any external directories (there is only one internal directory created by the setup wizard).
Specific questions that I'm looking for your input on (focusing on Confluence first):
- How do I add (integrate) an existing Confluence application into Crowd, while at the same time ensuring that existing AD users and groups continue to work as they do today (user permissions and access rights don't change)? The documentation I have found so far covers only adding an application that uses local accounts and groups, whereas my application uses AD users and groups.
- After I have Crowd doing the authentication part for Confluence, how do I switch Crowd from LDAP to ADFS?
- Does this plan make sense (doable)? If I'm missing something and you would do it differently, what way would you do it?
Any advice and suggestions will be greatly appreciated!
Installed Crowd version: 3.7, Confluence: 7.1, Jira: 8.5
I believe there is a misunderstanding. Crowd does not integrate with ADFS via SAML. In the document you referred to, it's the application itself that integrates with ADFS via SAML using a SAML app inside the application, whereas Crowd merely serves as the backend user directory, itself (optionally) integrated with AD (which also happens to be "behind" ADFS). Crowd Data Center has the ability to be a SAML IdP, but this is again not what you are after.
You don't really need Crowd. Your setup is 100% ready to integrate with ADFS by installing one of the SAML SSO apps into your Jira Software and Confluence.
I work for Techtime, an Atlassian Marketplace Top Vendor and the vendor of the EasySSO app for Server and Data Center. We target complex environments where there may be a need for additional authenticators – besides SAML, we provide 4 more: NTLM, Kerberos, HTTP Headers and X.509. Because of that we could give you standards-based SSO even without ADFS, but we work with ADFS too. Do give it a try; it should take you less than 5 minutes, and our 24x7 support is here to help if required.