Documentation for Crowd 2.7. Documentation for earlier versions of Crowd is available too.

Skip to end of metadata
Go to start of metadata

 Known issues, hints and tips and answers to commonly asked questions about Crowd:

Concepts:

Technical:

Compatibility:

Common Evaluator Questions:

Deployment FAQ
Guides, Hints and Tips
Integration FAQ
Support Policies
Troubleshooting

What is single sign-on?

Single sign-on enables users to authenticate (login) once and gain access to multiple web applications within a single domain. See also centralized authentication.

What is authorization?

Authorization is the act of deciding whether a person is allowed to access a specific resource or web application. This often comes in the form of groups, roles and permissions.

What is authentication?

Authentication is the act of verifying that a user is who they say they are. This is often done through a credential such as user name and password.

What is centralized authentication?

Centralized authentication is when an end-user has the same username and password used across all web applications, even if the application cannot participate in single sign-on. This is often a major milestone before single sign-on is achieved within an organisation.

Crowd provides centralization authentication and/or single sign-on depending on your application's capabilities.

What is identity management?

Identity management is the process of defining a user (a 'principal') and managing their attributes. In addition to username and credentials (e.g. password), attributes might include phone number, address, etc.

Identity management also includes assigning users to relevant groups and roles, so that users can access appropriate applications and resources.

Another important part of identity management is managing the entire user lifecycle, for example, disabling the user account when someone leaves the organization.

What is a directory?

A directory is a repository of information containing user identities, their attributes and their group and role memberships.

How does Crowd work? How is Crowd an "application security framework"?

Crowd is made up of two parts:

  • Administration console: a brilliantly simple and powerful web interface that manages directories, users, and their security rights.
  • Integration API: a single security architecture where multiple web applications are integrated. With the integration API, applications can quickly access user information or perform security checks.

What is an application connector?

An application connector is the link between Crowd and one of your applications. An application connector makes it possible to connect, say, Crowd and JIRA. When you download and install Crowd, you'll automatically get its application connectors, along with an integration API so that you can code your own application connectors too.

What is a directory connector?

A directory connector is the link between Crowd and one of your directories. It makes it possible to connect, say, Crowd and Active Directory. When you download and install Crowd, you'll automatically get its directory connectors, along with an integration API so that you can code your own directory connectors too.

How many users can Crowd manage?

Crowd can support over 500 users depending upon which license you purchase. View the licensing and pricing breakdown for more information. We have customers using Crowd successfully with tens of thousands of users.

How many applications can be used with Crowd?

So long as they're compatible with Crowd, you can add in as many applications as your organization needs.

We already have an LDAP server for Confluence and/or JIRA. Do we really need Crowd?

If one or more of the following apply, Crowd will be of benefit to you:

  • your organization uses multiple applications and they have not yet been integrated into the LDAP server
  • you are looking for an easy way to manage all your JIRA and Confluence users in one database with one or more directory servers
  • your organization has not yet implemented single sign-on
  • you are looking for a way to help save you and your organization time, frustration, and much more!

What are Crowd's system requirements?

For information on compatible databases, application servers, and operating systems, read the Supported Platforms page.

What directories and applications does Crowd support out-of-the-box?

A complete list of currently supported applications and directories can be found in Crowd's documentation. Check back often, as new connectors will be added regularly.

How can Crowd be connected to new or currently unsupported applications?

Crowd provides a simple and intuitive integration API (backed by REST or SOAP) that allows you to connect in your new or existing applications. This makes it easy to choose how much or how little to integrate based on your needs.

How does Crowd integrate with other Atlassian products?

Crowd ships with connectors for Atlassian products.

Using the out-of-the-box connectors you can consolidate all of your users into a single repository giving you the ability to manage all of your users in a single location. Users can then take advantage of single sign-on, giving them one username and password to access all of your applications.

Does Crowd include kerberos integration?

Crowd does not currently support kerberos-based authentication.

For licensing and pricing — please see the Purchasing FAQ.

18 Comments

  1. I work for a UK higher education institution. You may well have a point about SAML, but the UK education community is proceeding full speed ahead with federated access management (essentially Shibboleth, but that's not quite the official position). Right now, I would like to be able to easily Shibbolise Confluence and JIRA. By round about 2008, it'll be a purchasing requirement. Crowd potentially solves an important problem for us (as well as being Atlassian customers, we are Jive Software customers), but I am in that 2% of customers who need SAML. By the way, on your list of customers here, Universities make up quite a lot more than 2%.

    1. Hi Miles,

      Just a quick note - I believe that Internet2 is currently working on integrating Confluence with Shibboleth, which you may be interested in:

      https://spaces.internet2.edu/display/SHIB/ShibbolizedConfluence

      Cheers,
      Ernest

  2. Hi Ernest

    Thanks for the link! I am still in the market, though, for a drop in "Education's favourite Java web-applications" SSO tool with Shibboleth integration.

    Cheers

    Miles

  3. Another vote for SAML. Regardless of the (no doubt valid) issues raised, my company heavily uses Google Apps and Google Apps current only supports SAML to my knowledge. It's tough for me to recommend Crowd if it doesn't support a major part of our infrastructure.

  4. Anonymous

    What about SPNEGO?  For an Intranet deployment, my users want automatic authentication.

  5. Anonymous

    I respect your decision.  However, as my company (educational non-profit) is looking to move away from a homegrown SSO solution, we're leaning towards SAML since that seems to be where the momentum is for our sector.  As a Jive customer, I'd still perhaps consider using crowd for internal software development, if we were to adopt the atlassian products wholesale.

    1. We're currently working on limited SAML support - particularly for Google Apps.

      Once we have that up and working, we'll start looking at broader support for the specification.

  6. Anonymous

    We're using both AD and Google Apps.  Everything's integrated nicely with on-prem Atlassian.  SPNEGO mentioned above would be awesome.

    1. Anonymous

      "on-prem" = Crowd + JIRA + Confluence

  7. Anonymous

    Does anyone use CAS or a Shibboleth derivative?

  8. My company has been using Fisheye and crucible with built-in authentication for a couple years. We are now setting up JIRA and Crowd- we have Crowd working with both JIRA and Fisheye/crucible where users can login with their NT accounts, but I haven't found a simple way to migrate user data (e.g. as review authors, review participants, comments) in crucible besides a database script I wrote? And how about JIRA - any way to move assigned issues to other accounts en mass? 

  9. Link to the "help us determine.." on this page is broken.

  10. Anonymous

    Poor documentation,limited features,and the pathetic forum..  Thanks to offer these all in one bundle  

  11. Kerberos Change Password protocol would be a nice integration feature.

    1. Anonymous

      If you have SAML authentication from your internal AD, kerberos is available to make it transparent.  I do this today with other SAML-enabled SaaS applications that consume SAML.  Alas, last I heard Atlassian still didn't support SAML. (sad)

  12. Anonymous

    So, when is SAML 2.0 support coming?

    1. Hey Anonymous, sorry but we don't have any forthcoming plans to fully support SAML at this point in time.