One crowd server for several JIRA and Confluence instances?

Deleted user April 9, 2018

We have several JIRA and Confluence instances on different servers in our department and we are looking for a single sign-on to them.

  • Does Crowd offer this feature (using the company-wide LDAP and the sign-on every user has initially made to the windows domain)?
  • What would be in this case the number of users considered for the license costs? Is it - the sum of the user numbers of all instances (regardless of multiple memberships)
    - the total number of users who use one or more instances 
    - the number of users in the LDAP directory
    - the number of users listed in Crowd?
  • If we use Crowd, can we configure additional "local" users who login directly?
  • Does Crowd have additional user filters (black lists or white lists as subsets from LDAP)?

3 answers

1 accepted

1 vote
Answer accepted
Sloan N_ B_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 9, 2018

Hi @[deleted]

Crowd should fulfill all your requirements.

About pricing and licensing:

A Crowd user is defined as any user account that can authenticate against one or more applications.

So every user in crowd able to authenticate for one of your Atlassian Applications counts towards the license. See https://www.atlassian.com/software/crowd/pricing for more details.

Cheers
Niklas

2 votes
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 9, 2018

Hi @[deleted],

In addition to Niklas' answer, please allow me to make a comment regarding your first requirement: "SSO using the company-wide LDAP and the sign-on every user has initially made to the windows domain".

Out of the box Crowd provides Web SSO but it does not provide Windows SSO. This means that you will need to authenticate on a first Atlassian application (e.g. Jira) with your LDAP username and password before you can navigate to other Atlassian applications (e.g. Confluence) without reauthenticating.

If you want your users to be automatically authenticated in your Atlassian applications right after they logged onto your Windows domain you will need a Kerberos add-on.

You might want to take a look at the Integrated Windows Authentication for Applications using Crowd (IWAAC) add-on: https://marketplace.atlassian.com/plugins/com.cleito.iwaac/server/overview

It does exactly what you want in addition to Crowd's native features.

(Disclaimer: I work for the vendor of the IWAAC plugin)

Please note that there are other Kerberos add-ons available on Atlassian Marketplace: https://marketplace.atlassian.com/search?query=kerberos

Hope this helps.

Bruno

Sloan N_ B_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 10, 2018

Bruno Vincent Thanks for adding this @Bruno Vincent. I did not take in account that LDAP SSO could be required.

0 votes
Deleted user April 9, 2018

Thank you, we will give it a try.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events