In our current environment we have the following systems using internal user management:
We have just purchased a license for Stash and as part of this I'm looking at a better way to manage and maintain users in the system. The key requirement is to leverage our LDAP system for authentication. Groups etc would not be maintained in LDAP.
What is the best practice for this? I was looking at the Atlassian Crowd product to sit between JIRA, Confluence and Stash and LDAP but am unsure if there is any benefit from doing this or if I'm best of migrating everything to talk to LDAP directly.
One item of note, not everyone has an account on all systems. Some have JIRA only, some have confluence only and only a small number of people will need a Stash account.
I'm also interested in the migration process and how best to achive this, from my research it seems JIRA can do this out of the box, Confluence requires some manual DB updates.
I would recommend Crowd if you want to try and simplify the process. You also get SSO then between all these instances.
With Crowd 2.6 you can have an AD/LDAP connected directory whilst still maintaining groups in Crowd. You can control which groups have access to which applications on an application by application basis.
Although it may seem like overkill adding yet another tool, for the users that do have multiple accounts in the systems (and onboarding/offboarding accounts etc..) it is nice to try do this in one place rather than potentially in each application.
I would say this is generally the recommended approach, however, individual circumstances may not warrant it.
Crowd can source it's initial set of users/groups from an application, so you could setup crowd by pulling groups from JIRA for example
Agree with all that Colin said.
Also - once you go past JIRA and Confluence, this in my opinion is one of the exact reasons FOR Crowd. We couldn't live without it -
I think this page describes a relatively complex capability set, simply.
I mean the overall concepts of what Crowd does is not that hard to understand. But as a SW product, user and group management between many applications AND SSO are both complex problems to solve (in all applications).
So Crowd solves a hard problem area in addition to being the centralized hub logically. It just makes a lot of sense from a network architecture perspective.
This page also is an answers winner for key questions that will come up if you move to Crowd.
Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs