We know that as your teams continue to grow and the number of products you own continues to increase, managing your users and planning license utilization for your products becomes even more complex. Are you utilizing your licenses for each product properly or do you often feel like you are wasting licenses?
Today, in Crowd Server and Data Center, it’s possible to define which groups each user will be added to automatically upon authentication, but you can only do this at the directory level. Where this causes a problem is when a single directory is used by many Atlassian products (which is common). In this case, you define groups for each product that a user should be automatically assigned to at the directory level. Once a user logs in to any product for the first time, they’re automatically assigned to all default groups within that directory, which propagates to all products associated with that directory (even though they may only need to access one or two of those products). This leads to an overconsumption of licenses within each product – one of your precious resources.
Let’s look at an example. If a directory is shared between Crowd, Jira, and Confluence, and you configure two groups, ‘jira-users’ and ‘confluence-users’ within this directory, as soon as a user logs into Jira (or any of these products for the first time), they are not only automatically added to the ‘jira-users’ group but also to the ‘confluence-users’ group. This automatically counts a license for both Jira and Confluence, even though the user might not need access to Confluence.
Many of you may be trying solve for this by configuring one-to-one relationships between your directories and the products you own so that users are only automatically added to groups for the specific products they need access to. However, doing this breaks down the integrity of Crowd’s SSO feature and negates the purpose of separating the directories from the products – creating a lot of extra administrative work when adding new users or a new product.
Improving configuration and management of groups and directories at scale
We’re excited to announce Crowd 3.1, which allows for auto-adding users to group per product. For each product in Crowd you can now specify the groups per product that each user will be added to after successfully authenticating. For example, you may want all your users within one directory that authenticate to Jira to be added only to the ‘jira-users’ group and those that authenticate to Confluence to be added only to the ‘confluence-users’ group. Users in the ‘jira-users’ group that are not also a part of the ‘confluence-users’ group will no longer be automatically assigned a license to Confluence after authenticating to Jira.
You just have to navigate to the directory application mapping screen in Crowd and for each defined directory that contains groups you would like auto-assign users to upon their first login, configure the default groups setting. You can then repeat this for the rest of your products.
Along with these improvements to license utilization, Crowd 3.1 allows you to drag and drop how you order your directories and make the configuration and management experience of your directories and groups easier, especially for those of you who manage large numbers of groups and directories.
Crowd 3.1 also includes support for MSSQL 2016, support for PostgreSQL 9.6, and bundled tomcat 8.5.20 for standalone distribution. Read the release notes to learn more.