Connecting to Crowd or Jira for User Management
You can connect your Confluence application to Atlassian Crowd or to a Jira Server or Data Center application (version 4.3 or later) for management of users and groups, and for authentication.
You can't use Jira Cloud for user management.
Connecting Confluence to Crowd for User Management
When to use this option: Connect to Crowd if you want to use the full Crowd functionality to manage your directories, users and groups. You can connect your Crowd server to a number of directories of all types that Crowd supports, including custom directory connectors.
Managing 500+ users across Atlassian products?
Find out how easy, scalable and effective it can be with Crowd!
See centralized user management.
To connect Confluence to Crowd:
- Go to your Crowd Administration Console and define the Confluence application to Crowd. See the Crowd documentation: Adding an Application.
- Go to > General Configuration > User directories.
- Add a directory and select type 'Atlassian Crowd'. Enter the settings as described below.
- Save the directory settings.
- Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
- Changes to users and groups will be made only in the first directory where the application has permission to make changes.
- The order of the directories is the order in which they will be searched for users and groups (by default Confluence aggregates group membership from all directories, so the order does not impact membership itself).
- If required, configure Confluence to use Crowd for single sign-on (SSO) too. See the Crowd documentation: Integrating Crowd with Atlassian Confluence.
Crowd Settings in Confluence
Setting | Description |
---|---|
Name | A meaningful name that will help you to identify this Crowd server amongst your list of directory servers. Examples:
|
Server URL | The web address of your Crowd console server. Examples:
|
Application Name | The name of your application, as recognized by your Crowd server. Note that you will need to define the application in Crowd too, using the Crowd administration Console. See the Crowd documentation on adding an application. |
Application Password | The password which the application will use when it authenticates against the Crowd framework as a client. This must be the same as the password you have registered in Crowd for this application. See the Crowd documentation on adding an application. |
Note: There is a known issue where the password is not saved in some instances - CONF-33979Getting issue details... STATUS when configuring Confluence to use Jira/Crowd as a external user directory.
Crowd Permissions
Setting |
Description |
---|---|
Read Only |
The users, groups and memberships in this directory are retrieved from Crowd and can only be modified via Crowd. You cannot modify Crowd users, groups or memberships via the application administration screens. |
Read/Write |
The users, groups and memberships in this directory are retrieved from Crowd. When you modify a user, group or membership via the application administration screens, the changes will be applied directly to Crowd. Please ensure that the application has modification permissions for the relevant directories in Crowd. See the Crowd documentation: Specifying an Application's Directory Permissions. |
Advanced Crowd Settings
Setting | Description |
---|---|
Enable Nested Groups | Enable or disable support for nested groups. Before enabling nested groups, please check to see if the user directory or directories in Crowd support nested groups. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups. |
Enable Incremental Synchronization | Enable or disable incremental synchronization. Only changes since the last synchronization will be retrieved when synchronizing a directory. Note that full synchronization is always executed when restarting the application. |
Synchronization Interval (minutes) | Synchronization is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes. |
Connecting Confluence to Jira applications for User Management
Note that the license tiers for your Jira application and Confluence do not need to match to use this feature. For example, you can manage a Confluence 50 user license with Jira Software, even if Jira Software only has a 25 user license.
Subject to certain limitations, you can connect a number of Atlassian applications to a single JIRA application for centralized user management.
When to use this option: You can connect to a server running Jira 4.3 or later, Jira Software 7.0 or later, Jira Core 7.0 or later, or Jira Service Management (formerly Jira Service Desk) 3.0 or later. Choose this option as an alternative to Atlassian Crowd, for simple configurations with a limited number of users.
To connect Confluence to a Jira Server or Data Center application:
- In your Jira application go to User Management > Jira User Server.
(For Jira 6.4 and earlier go to your Jira administration screen then Users > Jira User Server)- Click Add Application.
- Enter the application name and password that Confluence will use when accessing Jira.
- Enter the IP address or addresses of your Confluence server. Valid values are:
- A full IP address, e.g.
192.168.10.12
. - A wildcard IP range, using CIDR notation, e.g.
192.168.10.1/16
. For more information, see the introduction to CIDR notation on Wikipedia and RFC 4632.
- A full IP address, e.g.
- Save the new application.
- Set up the Jira user directory in Confluence:
- Go to > General Configuration > User directories.
- Add a directory and select type 'Atlassian Jira'.
- Enter the settings as described below. When asked for the application name and password, enter the values that you defined for your Confluence application in the settings on Jira.
- Save the directory settings.
- Don't change the directory order until you have done the next step or you may accidentally lock yourself out of the Confluence admin console.
- In order to use Confluence, users must be a member of the
confluence-users
group or have Confluence 'can use' permission. Follow these steps to configure your Confluence groups in your Jira application:- Add the
confluence-users
andconfluence-administrators
groups in your Jira application. - Add your own username as a member of both of the above groups.
- Select one of the following methods to give your existing Jira users access to Confluence:
- Option 1: In your Jira application, find the groups that the relevant users belong to. Add the groups as members of one or both of the above Confluence groups.
- Option 2: Log in to Confluence using your Jira account and go to the Confluence Administration Console. Click Global Permissions and assign the can use permission to the relevant Jira groups.
- Add the
- In Confluence you can now define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
- The order of the directories is the order in which they will be searched for users and groups.
- Changes to users and groups will be made only in the first directory where the application has permission to make changes.
Ensure that you have added Confluence URL into Jira Whitelist in Jira Administration >> System >> Security >> Whitelist
. For example: https://confluence.atlassian.com/ or refer to this guide: Configuring the whitelist.
Jira Settings in Confluence
Setting | Description |
---|---|
Name | A meaningful name that will help you to identify this Jira server in the list of directory servers. Examples:
|
Server URL | The web address of your Jira server. Examples:
|
Application Name | The name used by your application when accessing the Jira server that acts as user manager. Note that you will also need to define your application to that Jira server, via the 'Other Applications' option in the 'Users, Groups & Roles' section of the 'Administration' menu. |
Application Password | The password used by your application when accessing the Jira server that acts as user manager. |
Jira Permissions
Setting | Description |
---|---|
Read Only | The users, groups and memberships in this directory are retrieved from the Jira server that is acting as user manager. They can only be modified via that JIRA server. |
Advanced Jira Settings
Setting | Description |
---|---|
Enable Nested Groups | Enable or disable support for nested groups. Before enabling nested groups, please check to see if nested groups are enabled on the JIRA server that is acting as the user manager. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow the inheritance of permissions from one group to its sub-groups. |
Update group memberships when logging in | This setting enables updating group memberships during authentication and can be set to the following options:
|
Synchronization Interval (minutes) | Synchronization is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes. |
Diagrams of Some Possible Configurations
Diagram: Confluence, Jira and other applications connecting to Crowd for user management.
Diagram above: Confluence connecting to JIRA for user management.
Diagram above: Confluence connecting to JIRA for user management, with JIRA in turn connecting to LDAP.
Troubleshooting
Below are some error messages you may encounter. If you run into problems, you should turn on WARN logging for the relevant class. See Configuring Logging.
Error | Message | Cause |
---|---|---|
error.jirabaseurl.connection.refused | Connection refused. Check if an instance of Jira is running on the given url | This may be because:
|
error.applicationlink.connection.refused | Failed to establish application link between Jira server and Confluence server. | Unable to create an application link between Jira and Confluence. This may be because:
Refer to the Confluence log files for further troubleshooting information. |
error.jirabaseurl.not.valid | This is not a valid url for a Jira application. | A runtime exception has occured. Refer to the Confluence log files for further troubleshooting information. |