Using crowd directory with more than one Jira instance (each of which has different user license)

Hi guys,

I've never been able to figure this one out. Let's say I have a user directory in crowd that has 700 users. A group in that directory has 10 users.

Okay -- now I have 2 Jira instances, one with a 500 user limit, the other with 2000. I don't care (in fact I want) all 700 to be in the 2000 user jira. But I want only the 10 users from this particular group in the directory to apply to the other Jira. With me so far?

Right -- so in Crowd, for the application where I only want 10 users, I add the directory, mark all users can authenticate as false, and specify the group with the 10 users I want.

The use case here is for a handful of users to have internal access rights, but everyone to have external access rights. (We acquired a company, and are absorbing them into our environment).


Unfortunately, when I sync my internal Jira instance (the 500 user one) -- it pulls in all users towards my license, exceeding my limit. It's pretty much saying to me -- "Yeah, I don't care that you specified that you don't want everyone to authenticate -- I am adding them all. Enjoy!"

-- these users are local, not ldap

Is there a way to accomplish this? Seems to me I should be able to dictate which users can authenticate to my applications, regardless of directory.

Anyway -- there you go. Frustrating situation. I know I could create the users in a separate group or directory, but I don't feel like I should have to. That's wasted replication of effort. ;)

1 answer

1 accepted

Accepted Answer
0 votes

There's no nice way to accomplish that, short of some custom development or separate directories / groups as you mentioned. The set of constraints leading to this unfortunate situation is that

  • connected applications (JIRA) may still need to "see" users who cannot authenticate (e.g. disabled users who have left the company but created issues), so Crowd can't sync a subset of users
  • connected applications themselves decide which users count towards the license limit, generally without checking whether each user can authenticate to Crowd or not (e.g. based on group membership)
  • Crowd has no way to only expose a subset of users for syncing to a connected application

So yep, the cleanest work around is probably to get each JIRA instance to use separate "user can use JIRA" groups.

Thanks - at least I now know I wasn't going crazy. ☺

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 18, 2018 in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

26,857 views 2 7
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you