We currently have over 150 users set up on Google Apps. I want to implement an LDAP server with Crowd so that I have a centralised platform that can be used for Google authentication (SSO) plus Crowd/LDAP authentication with other platforms.
As I understand it, once I've enabled SSO on Google Apps, all login requests will be directed to Crowd. This would seem to make it quite difficult to test SSO/Crowd without affecting all users.
Also, once I've populated the LDAP directory, I need to get the users to set their desired passwords so that when SSO *is* turned on, they know what password to use.
Has anyone gone through a similar process and got suggestions to share on how best to tackle these issues?
If a business is using Google Apps, they get their own URL which users must enter if they want the redirect to go off to Crowd. If users use the generic URL, e.g. www.gmail.com, they still get authorised by Google Accounts.
Also, it is possible to put a netmask into the SSO configuration on Google, ensuring that the redirect only happens if the user is on the correct network.
Reading this question:
it looks, from one of the answers, as if users can actually override the SSO process and continue to log in with the Google authentication?
"Please note that as long as users' passwords are synced between your LDAP system and Google, users can bypass the SSO login system by signing in directly to Google."
If that is the case, it would seem that I can:
a) populate LDAP and get staff to start setting their passwords.
b) set up SSO on Google and tell staff not to use it. I think I could even enforce that by using the Crowd settings to restrict who is allowed to log in via SSO.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot