I'm planning a combined installation of JIRA and Confluence with single sign-on. Reading the documentation I get the impression that Crowd is no longer needed for these two products. Is my assumption correct?
Also, should Crowd be needed later to support other products, is it easy to add Crowd when needed rather than from the beginning?
You can have SSO only with Crowd - the JIRA user directory does not support SSO (although it's based on Crowd).
You can have a single set of users if you connect Confluence to the JIRA user directory, but they will have to log in to each application.
Can't tell whether it's easy to add Crowd. Probably a Crowd instance can be connected to the JIRA user directory, so you won't have to transfer the users, but it's just a guess.
You are right, an external Crowd server is not necessary anymore for new versions of JIRA and Confluence since these versions use an embedded Crowd server. All these embedded servers synchronize themselves independently with an LDAP.
For a small environment this is not a problem, but if the number of your JIRA and Confluence servers grows and your LDAP contains a lot of users, the delta synchronization time gets painful. This can take up to two hours for a very large AD. So in this case it's worth considering configuring a dedicated Crowd server, which of course must be licensed.
Due to the synchronization times we do not yet use Crowd but synchronize only the groups from the AD using our own mechanism.
I do not yet completely agree with the first answer. Out of the box you can get SSO with Crowd only, that's true, but you can also implement your own Authenticator. E.g. you can put your JIRA and Confluence behind a reverse proxy and let this do the authentication and pass along a header variable to the web app which says: "Hey, user xxxxx is authenticated by me".
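The reverse-proxy approach in the answer above is only safe if the application can tell that the identity header really came from the proxy. An added sketch of both sides of that check (not part of the original posts and not Atlassian code); the header name `x-remote-user`, the proxy address and both function names are assumptions:

```python
import ipaddress

# Assumed names for this sketch; not from the thread or any Atlassian product.
AUTH_HEADER = "x-remote-user"
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # constructed address


def proxy_forward(client_headers, authenticated_user):
    """Proxy side: drop any client-supplied copy of the identity header,
    then set it only if the proxy itself authenticated the user."""
    out = [(k, v) for k, v in client_headers if k.lower() != AUTH_HEADER]
    if authenticated_user:
        out.append((AUTH_HEADER, authenticated_user))
    return out


def app_user(peer_ip, headers):
    """Application side: accept the header only when the TCP peer is the
    proxy and exactly one non-empty value is present."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return None  # connection did not come through the proxy
    values = [v.strip() for k, v in headers if k.lower() == AUTH_HEADER]
    if len(values) != 1 or not values[0]:
        return None  # missing, empty or duplicated header: fail closed
    return values[0]
```

The application's HTTP port should also be reachable only from the proxy, so the peer-address check is a second layer rather than the only one.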
I also disagree with Igor's answer. We are maintaining several instances of Confluence with SSO without Crowd, using Kerberos or NTLMv2 authentication with custom authenticators. This technique works for JIRA as well. This way, we don't need Crowd as "middleware" between LDAP and Atlassian applications.
Felix, can you share the knowledge? Crowd has some limitations that we would give up SSO... but with your information this would be awesome. Thanks.
Hi! Well, this post is now 5 years old and I think the landscape has changed significantly. I can't really provide you any up-to-date suggestion without doing some research first. But I know that I have a few co-workers who have been working on custom SSO things for Confluence and I could totally forward you to them if you're interested?
Definitely! If it's not too much to ask, I would really appreciate it. SSO with AD or FreeIPA is what I'm specifically looking for. Thanks.
Today, there are several addons (or apps, rather..) in the marketplace. Try them out if an off-the-shelf solution is of interest to you.
Full disclosure: I work for Kantega SSO, one of the vendors.
The vast majority of our Kerberos-users are on Windows+AD, so our documentation and in-app setup guidance both focus heavily on that, but any KDC (including FreeIPA) can be used. We also support SAML, should you decide to go that way.
As Audun is saying, I think it is definitely your best bet to check out the apps on the marketplace first. It's amazing how many SSO solutions there are today that work pretty much out of the box!
Actually you could, by implementing RememberMeService (it's for JIRA, I don't know the interface for Confluence) in each application, but you should have a federated authentication service, which guarantees security and validation of the SSO process.
Hello,
Is this information still up to date? Do I need Atlassian Crowd to set up SSO for JIRA and Confluence?
Thanks a lot for an answer.