It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

User management best practice

In our current environment we have the following systems using internal user management:

  • JIRA + Greenhopper + Bonfire
  • JIRA second instance
  • Confluence + Team Calendars

We have just purchased a license for Stash and as part of this I'm looking at a better way to manage and maintain users in the system. The key requirement is to leverage our LDAP system for authentication. Groups etc would not be maintained in LDAP.

What is the best practice for this? I was looking at the Atlassian Crowd product to sit between JIRA, Confluence and Stash and LDAP but am unsure if there is any benefit from doing this or if I'm best of migrating everything to talk to LDAP directly.

One item of note, not everyone has an account on all systems. Some have JIRA only, some have confluence only and only a small number of people will need a Stash account.

I'm also interested in the migration process and how best to achive this, from my research it seems JIRA can do this out of the box, Confluence requires some manual DB updates.

2 answers

1 accepted

4 votes
Answer accepted

I would recommend Crowd if you want to try and simplify the process. You also get SSO then between all these instances.

With Crowd 2.6 you can have an AD/LDAP connected directory whilst still maintaining groups in Crowd. You can control which groups have access to which applications on an application by application basis.

Although it may seem like overkill adding yet another tool, for the users that do have multiple accounts in the systems (and onboarding/offboarding accounts etc..) it is nice to try do this in one place rather than potentially in each application.

I would say this is generally the recommended approach, however, individual circumstances may not warrant it.

Crowd can source it's initial set of users/groups from an application, so you could setup crowd by pulling groups from JIRA for example

Yes you can import from mutiple directories.

I just checked though, looks like Crowd does USER import, not GROUP import. So just take that into account. You'd have to recreate (or script db->db) group memberships

Thanks Colin. I had a feeling Crowd would be the best solution. Can Crowd import users and groups from multiple applications? Once all the users are managed by crowd can I then migrate across to LDAP auth for those users?

Agree with all that Colin said.

Also - once you go past JIRA and Confluence, this in my opinion is one of the exact reasons FOR Crowd. We couldn't live without it -

I think this page describes a relatively complex capability set, simply.

I mean the overall concepts of what Crowd does is not that hard to understand. But as a SW product, user and group management between many applications AND SSO are both complex problems to solve (in all applications).

So Crowd solves a hard problem area in addition to being the centralized hub logically. It just makes a lot of sense from a network architecture perspective.

This page also is an answers winner for key questions that will come up if you move to Crowd.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

We want to hear from you! How do you use Slack and Atlassian together?

Hi Everyone! My name is Mina and I am on Atlassian’s Ecosystems Marketing team. Our team is focused on our technology partnerships and marketplace apps. One of Atlassian’s partners is Slack, who ...

24 views 0 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you