crowd user management and app authentication

Thank you. I may be beginning to see where my confusion is coming from. Within JIRA, if I click on the System permissions tab, and then click on the Global Permissions, I do see a JIRA Users permission. In the Users / Groups column, the group jira-users is listed. If I go back back to Crowd and click on the Groups section in the top navigation bar, I can then select the JIRA Directory and see the jira-users group listed there. I click on the jira-users group link and view it's Direct Members and see that testuser2 is not listed. If I click on the 'Add Users' button, it does not allow me to add testuser2 to the group. What is the point of the 'Allow all to authenticate' permission? I would have thought that adding testuser2 to the Crowd Directory and telling JIRA that all from this directory are allowed to authenticate would be enough. Going back to JIRA, I added the permission: JIRA Users with Group: crowd-users. testuser2 is in the group crowd-users and I can authenticate, but I can't help but think this is the wrong way to do it.

Ok - >If I click on the 'Add Users' button, it does not allow me to add testuser2 to the group. What error do you get? The global permission for JIRA Users really should be kept simple to begin with, putting a user in jira-users should be sorting it, and it's a nice clear "hey, these people can use JIRA". I'd rather debug that than start adding other groups.

The dialog I see is a search dialog, asking me to find users to add. I enter testuser2 into the dialog with 'Active: All' selected, press the search button, and the message I get back is "No results found matching the search criteria." I guess where my confusion is coming from is that if I end up needing, for example, to manage hundreds of users across multiple applications, it would seem cumbersome to add them individually to each <app>-users group. I assume I am still missing something obvious about how this system was designed.

Sounds like the testuser is not active? It's been built this way because there are places that will have 50 users in one application and 250 in a second - you can't use a single group for them all because when you add user 51 to the group, the first application will stop working. If that's not your situation, then there's absolutely no harm in defining a single "can use atlassian stuff" group and using that in all your atlassian applicatins to say "can use"

I click on the User section in the top navigation bar. I select the Crowd Directory to search in and see testuser2 in the list. Clicking on testuser2, I see the Active checkmark checked in the Details tab. I think the reason why I cannot add testuser2 to the lira-users group is that the jira-users group is in the JIRA Directory, but testuser2 only exists within the Crowd Directory in the crowd-users group. I am guessing that groups within directories can only have users found within the directory that contains the group.

Yes, that's right, from memory.

Ok. Thank you. I think I have a handle on what I need to do.