Specifying which Groups can access an Application
You can specify which users are allowed to authenticate against each application. For each mapped directory, you can either allow all users within the directory to authenticate with the application, or just particular groups within the directory. You can then assign group membership to each user.
For example, the default group
crowd-administrators, which is automatically created in the default directory that you specified during setup, is allowed to access the Crowd Administration Console. This means that users who belong to the group
crowd-administrators are allowed to log in to the Crowd Administration Console (assuming they supply a valid password).
This setting will override any permissions configured in a client application. For example, even if the
test-users group is given the
Can Use permission in Confluence, if they aren't a mapped group as specified on this page, they will be unable to authenticate. This does not prevent usernames and groups from appearing in the client application.
To allow a group to access an application,
- Log in to the Crowd Administration Console.
- In the top navigation bar, click Applications.
- Click the name of the application you want to link that corresponds to the application you wish to map.
- In the application screen, click the Directories & groups tab.
This displays a list of groups that currently have access to the application.
- From the drop-down list, select the the group and click Add.
Alternatively, you can allow all users from a particular directory to authenticate against the application. See Mapping a Directory to an Application.
Screenshot: Application — Specify Groups
Specifying which users are synced based on their access rights
After you allow only some groups to access the application, you can add the same restrictions to users and groups that are synced with the application. For more info, see Syncing users based on their access rights.