Specifying which Groups can access an Application
You can specify which users are allowed to authenticate against each application. For each mapped directory, you can either allow all users within the directory to authenticate with the application, or just particular groups within the directory. You can then assign group membership to each user.
For example, the default group
crowd-administrators, which is automatically created in the default directory that you specified during setup, is allowed to access the Crowd Administration Console. This means that users who belong to the group
crowd-administrators are allowed to log in to the Crowd Administration Console (assuming they supply a valid password).
This setting will override any permissions configured in a client application. For example, even if the
test-users group is given the
Can Use permission in Confluence, if they aren't a mapped group as specified on this page, they will be unable to authenticate. This does not prevent usernames and groups from appearing in the client application.
To allow a group to access an application,
- Log in to the Crowd Administration Console.
- Click the 'Applications' tab in the top navigation bar.
- This will display the Application Browser. Click the 'View' link that corresponds to the application you wish to map.
- This will display the 'View Application' screen. Click the 'Groups' tab.
- This will display a list of groups that currently have access to the application. Click the drop-down arrow next to the 'Add' button.
- This will display a list of all the groups that exist within each directory. Select the new group from the drop-down list and click the 'Add' button.
Alternatively, you can allow all users from a particular directory to authenticate against the application. See Mapping a Directory to an Application.
Screenshot: 'Application — Specify Groups'