Managing all your Atlassian users can be intimidating, especially if you’re an enterprise organization or growing quickly. Users are always coming and going, depending on access for essential work in certain tools while only logging in once for others. To make matters worse, you’re dealing with multiple domains that span a slew of instances, and the landscape is ever-evolving. The processes you have in place may have worked before, when their scope was not as broad, but many basic setups don’t have the functionality to standardize user management at scale.
Crowd Data Center is Atlassian’s enterprise user management solution for self-hosted environments, designed to help you address these challenges at scale. From keeping a close watch on license waste to automating group permissions, Crowd Data Center enables you to optimize performance as you scale, save admins valuable time, and reduce costs. It can be easy to boil down Crowd Data Center to merely a Single Sign-On (SSO) solution for your self-hosted Atlassian products. It’s also an excellent tool for enterprise user management as a whole.
Here are five ways that Crowd Data Center can help you conquer user management at scale.
1. Centralize user management in one space
Some of the biggest issues enterprises encounter with user management revolve around the time-consuming nature of managing users by product. For example, some customers have more than 100 active directories, so managing users in-product means they need to configure each directory for each product. When you can offload and centralize your user management efforts in one space, admins have more free time to focus on other tasks.
Crowd Data Center lets admins oversee all Atlassian user management under one roof. That means an admin can see who’s logged in to which instance of which application and when, regardless of what subsidiary or region they’re a part of. Gone are the days (literally) spent synchronizing directories or cycling through audit logs by individual product, winning back valuable time for your admin and simply making his/her job easier. On top of this, for large organizations managing tens of thousands of users across multiple instances of multiple products, reducing replicated actions can go a long way.
In addition to preserving precious manpower, Crowd Data Center takes the weight off individual products and improves their performance. Some organizations choose to manage users within each product they own, which is a sound method when dealing with a relatively small user base or only a few instances of one or two products. However, this job can become quite tricky and repetitive when you’re tracking thousands of users from various areas of the business, which also means having to configure potentially hundreds of directories on a per-product basis. Removing this strain on the individual product can result in positive gains for performance.
2. Optimize license usage
Establishing an accurate view of license consumption is a challenge for small and large organizations alike. The key difference is that for large organizations, the stakes are much higher.
One common pain point our enterprise customers experience is the significant number of users who log in to Jira, Confluence, or Bitbucket once – and then never again. Those one-and-done users add up, and can bloat your estimated license usage, resulting in inaccurate reporting or, worse, a bigger price tag for a higher user tier.
To combat this, we built centralized license visibility into Crowd Data Center, which gives you the ability to filter license consumption data by user name, date of last login, directory, and application type. Admins can see which users are inactive across all of the Server and Data Center licenses they own, then take action based on who needs access and who doesn’t. Easily accessible visibility like this not only serves as a foundation for optimal license usage, but allows you to identify potential cost-saving benefits.
3. Automate local group permissions
Where centralized license visibility lets you to isolate who hasn’t been using your Atlassian products, local group permissions allows you to avoid the problem altogether.
Local groups are essentially designations that help ensure the right people have access to the right applications. For example, you may want all your users within one directory that authenticate to Jira to be added only to the “jira-users” group, and those that authenticate to Confluence to be added only to the “confluence-users” group. Users in the “jira-users” group that are not also a part of the “confluence-users” group will no longer be automatically assigned a license to Confluence after authenticating to Jira.
For an enterprise, this means you can keep your users in AD or LDAP and define their authentication permissions in Crowd, effectively making group changes within your directories.
We massively leverage local group controls in Crowd. Local groups means we can provide the same name that appears in multiple directories and Crowd will singularize the duplicate(s). Control and flexibility of how the users are synced into Crowd is pivotal to how our platform operates. -Craig Castle-Mead, Uhub
But no organization’s Atlassian usage is static – especially those experiencing fast growth – and onboarding new users with access to the applications they need to get work done can take a lot of time. By leveraging the auto group assignment feature in Crowd Data Center, admins can save time and ensure users have access to the tools they need. For example, if you know that an engineering team needs access to a specific Bitbucket instance, you can use local group controls so that any new user who joins that team is automatically given access to the corresponding instance. This kind of automation gives you the control and flexibility to make user management at scale a far more manageable task.
4. Delegate administrative tasks
With Crowd Data Center you can assign group level administrators to add or remove users to their groups, leaving you freed up to focus on some of the more important tasks you’ve put on the back burner. In just a few clicks, you can assign an individual or even an existing group as group level administrators and they will be able to add or remove group members just as quickly, as indicated below.
On top of saving you time, your teams will no longer have to wait for you to make these group membership changes. For example, if your global administrator is located in one timezone, but your teams are located in several other timezones, they sometimes have to wait a whole day (or more) just to get a team member added or removed from a group.
5. Take advantage of selective synchronization for Azure AD
Synchronizing data from directories is an incredibly important yet tedious process. Admins can get bogged down by having to synchronize the whole directory, even when they only need certain groups from within the directory.
To help mitigate this monotony, Crowd Data Center gives you the ability to filter users by group membership for Microsoft Azure Active Directory (Azure AD). Many of our customers, primarily store their users’ credentials in Azure AD, which contains pre-set authentication and authorization information about users, groups, and roles. You can maneuver different directories to create sets of users; for example, you can store your customers in one directory and employees in another.
Tip
Learn more about how to configure your Azure AD as a directory in Crowd.
Cleaning up your license usage with Azure AD user filtering is a great way to increase performance and gain an accurate view of license consumption that’s representative of your user tier. By freeing up time that would otherwise be spent synchronizing your entire Azure AD, and giving you the peace of mind that performance (and cost) aren’t getting bogged down by unwanted users, Azure user filtering delivers big value for a little lift.
Looking beyond SSO for user management
While it’s clear that SSO is a critical service for any enterprise organization, it’s not the only benefit to look for when considering an enterprise user management solution. Managing enterprise-wide usage doesn’t need to be complicated, and if done right can improve performance, visibility, and costs.
We know that enterprise user management will continue to evolve, and we’re here to support you each step of the way. To learn more about enterprise user management for self-hosted environments, check out our full guide by following the link below.