User management differences in cloud and server

descriptionLearn how user management works in Atlassian cloud, and what alternatives there are to Crowd.

There are a few fundamental differences to understand between deployments:

  • For server, Crowd Server can act as your remote directory (similar to AD) and allows you to provide SSO across multiple Atlassian server products.

  • For Data Center, Crowd Data Center can also act as your remote directory (similar to AD). You can also use Crowd's SSO or connect your Data Center products directly to an external identity provider.

  • For cloud, users can use a single Atlassian account to log in to all cloud apps. You can then connect Atlassian accounts to an external IdP with SAML SSO and user provisioning (SCIM) via a subscription to Atlassian Access.

tip/resting Created with Sketch.

Crowd in cloud

We've designed identity and user management in Atlassian cloud products with native cloud standards top of mind. Since Crowd was designed for on-premises software, it's not available for our cloud products.

Instead, Atlassian Access offers enterprise-grade security and centralized administration across all your Atlassian cloud products.

Server user management

By default, users have a different account for each one of your company's Atlassian server products (although often peoples' usernames and passwords are the same across products). Alternatively, you can use Atlassian Crowd to provide single sign on between multiple server products.

For each server product, you can manage users and groups from the product's internal directory, an Active Directory or LDAP server. With Atlassian's Data Center products, you can delegate authentication to a third-party provider via SSO. 

Cloud user management

With our cloud products, you can create an organization and verify your domains, which will give you a centralized view of all users at your company, across all our products. From there, you can subscribe to Atlassian Access to configure SAML SSO with an identity provider like Okta, Azure AD, Active Directory Federated services, Google Cloud, or more.

User provisioning allows you to sync users and groups from those identity providers to your Atlassian cloud products. If you're using an on-premises LDAP directory or Active Directory, all of our supported identity providers offer connectors to those local directories.

Cloud accounts

In cloud, each user has a single Atlassian account tied to their email address that they can use to access any Atlassian cloud product (including any Jira or Confluence cloud site). When you invite users to your Jira or Confluence site, they'll get access to the products you specify, either with an already existing Atlassian account or by creating one.

Individual users own their accounts by default. If you want more control over their accounts, verify that you own the domain with their email address to claim their accounts, which transfers ownership of the account from individual users to the organization that has claimed the domain. This gives company admins the ability to modify, deactivate, and delete their accounts.

Site administrators can control which Atlassian accounts have access to the individual products on that site, but cannot modify the accounts themselves.

Organization admins that have a verified domain have full control over the accounts of users in their company, across all sites and services. Building on this, you can subscribe to Atlassian Access and configure user provisioning and SAML single sign-on with your identity provider and an external directory if you have one.

Learn more about Atlassian Access and review the Atlassian Access Licensing and Pricing FAQ’s for additional detailed information.

tip/resting Created with Sketch.

Looking for more differences between cloud and server? Check out our platform comparisons and learn more about comparing costs.

More information and support

We have a number of channels available to help you with your migration.

Last modified on Feb 6, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.