User management best practice

In our current environment we have the following systems using internal user management:

  • JIRA + Greenhopper + Bonfire
  • JIRA second instance
  • Confluence + Team Calendars

We have just purchased a license for Stash and as part of this I'm looking at a better way to manage and maintain users in the system. The key requirement is to leverage our LDAP system for authentication. Groups etc. would not be maintained in LDAP.

What is the best practice for this? I was looking at the Atlassian Crowd product to sit between JIRA, Confluence and Stash and LDAP but am unsure if there is any benefit from doing this or if I'm best off migrating everything to talk to LDAP directly.

One item of note, not everyone has an account on all systems. Some have JIRA only, some have Confluence only and only a small number of people will need a Stash account.

I'm also interested in the migration process and how best to achieve this. From my research it seems JIRA can do this out of the box, while Confluence requires some manual DB updates.

2 answers

1 accepted

I would recommend Crowd if you want to try and simplify the process. You also get SSO then between all these instances.

With Crowd 2.6 you can have an AD/LDAP connected directory whilst still maintaining groups in Crowd. You can control which groups have access to which applications on an application by application basis.

Although it may seem like overkill adding yet another tool, for the users that do have multiple accounts in the systems (and onboarding/offboarding accounts etc.) it is nice to try to do this in one place rather than potentially in each application.

I would say this is generally the recommended approach, however, individual circumstances may not warrant it.

Crowd can source its initial set of users/groups from an application, so you could set up Crowd by pulling groups from JIRA, for example.

Yes, you can import from multiple directories.

I just checked though, looks like Crowd does USER import, not GROUP import. So just take that into account. You'd have to recreate (or script db->db) group memberships.

Thanks Colin. I had a feeling Crowd would be the best solution. Can Crowd import users and groups from multiple applications? Once all the users are managed by Crowd can I then migrate across to LDAP auth for those users?

Agree with all that Colin said.

Also - once you go past JIRA and Confluence, this in my opinion is one of the exact reasons FOR Crowd. We couldn't live without it.

I think this page describes a relatively complex capability set, simply.

https://confluence.atlassian.com/display/CROWD/Concepts

I mean the overall concepts of what Crowd does are not that hard to understand. But as a SW product, user and group management between many applications AND SSO are both complex problems to solve (in all applications).

So Crowd solves a hard problem area in addition to being the centralized hub logically. It just makes a lot of sense from a network architecture perspective.

This page also is an answers winner for key questions that will come up if you move to Crowd.

https://confluence.atlassian.com/display/CROWD/Deployment+FAQ
