When you map multiple directories to an application, you also need to define the directory order.

The directory order is important during the authentication of the user, in cases where the same user exists in multiple directories. When a user attempts to log in to an application, Crowd will search the directories in the order you specified, and will use the credentials (password) of the first occurrence of the user to validate the login attempt. See diagram below.

The directory order is also important when granting the user access to an application based on group membership. In the case of multiple directories, Crowd looks at the group memberships based on the directory order. See below.

On this page:

Specifying the Directory Order

To specify the directory order,

  1. Log in to the Crowd Administration Console.
  2. Click the 'Applications' tab in the top navigation bar.
  3. This will display the Application Browser. Click the 'View' link that corresponds to the application you wish to map.
  4. This will display the 'View Application' screen. Click the 'Directories' tab.
  5. This will display a list of directories that are currently mapped to the application. Use the blue up-arrow or down-arrow to move a directory higher or lower in the order:

Screenshot: 'Application---Mapped Directories'



How Authentication Works

The directory order is important during the authentication of the user.

Let's assume that JIRA has been set up as a Crowd application, and has been mapped to two directories, 'Partners' and 'Customers', in that order.
Here is what happens when a user attempts to log in to JIRA:

How the Directory Order works

How Authorisation via Group Membership Works

The directory order is important when granting the user access to an application based on group membership.

When Crowd determines a person's access to an application based on their membership of a group, what happens if the same username exists in more than one directory? Crowd will look for group membership only in the first directory where the username appears, based on the order of directories mapped to the application. See Specifying the Directory Order for an Application.

For example:

  • Two directories are mapped to Application A: The Customers directory and the Partners directory.
  • The Customers directory is mapped first in the 'Directory Order' for Application A.
  • A username jsmith exists in both the Customers directory and the Partners directory.
  • The user jsmith is a member of group G1 in the Customers directory and group G2 in the Partners directory.
  • Crowd will grant the user access to Application A based on membership of G1. For purposes of granting access to this application, Crowd will not consider jsmith a member of group G2.

RELATED TOPICS

Crowd Documentation