Configuring directories for failover authentication
Adding an extra user directory for failover authentication means that when the primary directory is unavailable (e.g. due to a connection timeout), Crowd will authenticate your users by trying the next directory from the list. It works like a backup directory for authentication and ensures that your users can log in even if the primary directory is not working.
To add a failover authentication directory:
- Log in to the Crowd Administration Console.
- Click the 'Directories' link in the top navigation bar.
- This will display the Directory Browser. Click the 'Add Directory' link.
- This will display the 'Select Directory Type' screen. Choose the 'Delegated Authentication' directory type.
For details on how to configure this type of directory, see Configuring a Delegated Authentication Directory.
- Map the failover directory to the right application that already uses the primary directory.
The failover directory will appear at the bottom of the list. Use the blue up-arrow or down-arrow to move it right after the primary directory.
- Map the failover directory to each application you’d like to use it for.
- Specify the same user access rights for the primary and failover directories (either all users can log in, or only specific groups.)
The following example shows a simple scenario, where a failover directory is added to Crowd.
- A remote directory Directory 1 is defined in Crowd.
- Two applications are using this directory – Jira and Confluence.
- A replica of this directory is in your infrastructure, but it hasn't been added to Crowd yet.
You define an extra directory in Crowd that points to the replica. If Directory 1 is down, Crowd will use the replica to authenticate your users. Your setup should then look like in the image below: