Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Can i add 'jira-users' as default group while configuring crowd directory in jira?

Suresh
Suresh October 9, 2018

Hi Team,

We have jira with LDAP authentication, while configured LDAP in jira, we gave "jira-users" group as default group and user on first authentication adding to the "jira-users" internal group - there were no issues on this matter.

Now, we have installed crowd and added LDAP as directory , and added jira application and associated LDAP directory.But how to add "jira-users" group as a default group while configuring crowd directory in jira?

jira-users group is internal directory and associated in most of roles and project permissions.

And also, How to retain those jira-users with jira authentication through crowd?

similarly, how to retain jira-developers and jira-adminstrators group and it's user list? 

Regards,

Suresh

Answer
Watch
Like Be the first to like this
1855 views

2 answers

1 accepted

0 votes
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 12, 2018

When you're using Crowd with Jira, it is not something you can do from within Jira.  Instead a Crowd external directory handles those group memberships itself.  This is explained in more detail in the Crowd documentation: Automatically Assigning Users to Groups

As for maintaining the group memberships that already exist, since you're currently connecting Jira to an LDAP instance, you should be able to use the exact same LDAP settings in Crowd that Jira uses now, in order to sync over the specific groups and line up those users with the needed group memberships.  This will at least maintain the memberships of those groups that exist in LDAP.

View More Comments
Suresh
Suresh October 15, 2018

Hi Andrew,
Thank you for the replay,
We have gone through Automatically Assigning Users to Groups, but we do not find option called "Directories & Groups" under application,
we are able see only separate section for  "Details","Directories","Groups", "Users", "Permission" "Remote Addresses","Auth Test" and "Options".

Not sure where we need to select default group and also not sure how to add first time user to the "jira-user".

We are using crowd Crowd Version: 2.10.1.

Regards,

Suresh

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 15, 2018

Ah, The documentation link above is for Crowd 3.3.  I didn't realize you were using a different version.  I'd recommend instead trying to follow the corresponding document for the 2.10.x version of Crowd.  You can find this in  https://confluence.atlassian.com/crowd0210/automatically-assigning-users-to-groups-849055245.html

There are some slightly different terms and locations to accomplish the same task but in that older version of Crowd.

Like
Suresh
Suresh October 23, 2018

Thank you andrew, I am able to add default group under directory level.
Looking forward to add default group under application level.
BTW what is the difference between directory and application level default groups.
  

Like
Reply
0 votes
Marcin Kempa
Marcin Kempa
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 15, 2018

Hi @Suresh,

 

If I understand correctly you have Jira which is connected to Crowd and Crowd is connected to custom LDAP. Crowd version is 2.10.1 and you would like to still be able to use default groups, so that if someone logs in to Jira they will be automatically assigned to for example jira-users groups (local groups in Crowd's directory, they do not come from LDAP). Is that your use case?

Additionally do you have Crowd SSO setup? or are you reusing directories across different applications? Do you have other applications connected to Crowd?

If not, you could try to use default groups on directory level (see: https://confluence.atlassian.com/crowd/automatically-assigning-users-to-groups-194806197.html 'Automatically assigning groups per directory'). This is similar thing as @Andy Heinzer mentioned although with default groups per directory you do not have the possibility to assign groups to users when they log in to certain application. In this case it is defining a default group when user is logging in to any application connected to this particular directory.

I've asked about the SSO, as if this is not your requirement you could potentially have different directories connected to your applications in Crowd. However doing so breaks SSO and is not recommended as it is complicating the configuration.

 

BTW I would love to hear why you did not upgrade to the latest version of Crowd. Is there anything blocking you? Thanks!

 

Hope that helps,

Marcin Kempa

View More Comments
Suresh
Suresh October 23, 2018

Thank you Marcin,

Yes , you are right about our requirement.
we haven't setup for sso..may be soon will opt this option.

Regarding crowd upgrade, we have not yet planned, could you suggest us what is the best version to upgrade?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.