Do you:
If you're a YES on all three, then a feature released in Crowd 4.4.0 "Sync users based on their access rights" may be a big help.
The team I'm a part of runs quite a large Atlassian ecosystem ( the intro on another post - https://community.atlassian.com/t5/Jira-articles/Maximizing-business-value-from-your-log-files-insights-in-to-app/ba-p/1126471 - covers some of the size and scale). Our Crowd environment is connected to numerous AD/LDAP/AzureAD/etc environments and then Jira Software/JSD, Confluence, Bitbucket and Bamboo are all connected to Crowd, but not every application has the same user base, JSD needs a large user set as customers, not every JSW/Confluence user needs to work on code, and not every person working on code uses Bamboo for CI/CD, so Bitbucket and Bamboo have subsets users.
Up until 4.4.0, the logic was that if a user existed in a Crowd directory mapped to a Crowd application, then that user would be synced to Jira/Confluence/Bitbucket/Bamboo - even if the user did not have permission to login to the application ( https://confluence.atlassian.com/crowd/specifying-which-groups-can-access-an-application-25788430.html ). The result of this is that every application had the same set of users that were not needed - in some of our cases, over 100,000 excess users.
The concerns/drawbacks of this were numerous - some examples:
To enable this option, go to a Crowd application (if you're using Crowd 4.4.0 or newer) and you should see a new heading under the "Directories & groups" tab called "Access-based synchronization" (ABS)
https://confluence.atlassian.com/crowd/crowd-4-4-release-notes-1087517293.html for the 4.4 release notes
Adjusting the ABS options above could cause a SIGNIFICANT change in your application. Please ensure you test any changes in a non-production environment first!
Have you tried ABS yet? If so, let us know how it went for you!
CCM
Craig Castle-Mead
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
0 comments