Connecting to Crowd or JIRA Applications for User Management

You can connect HipChat Server to Atlassian Crowd or to a JIRA application (version 4.3 or later) for management of users and groups, and for authentication (verification of a user's login).

On this page:

Connecting HipChat Server to Crowd

Atlassian Crowd is an application security framework that handles authentication and authorization for your web-based applications. With Crowd you can integrate multiple web applications and user directories, with support for single sign-on (SSO) and centralized identity management. The Crowd Administration Console provides a web interface for managing directories, users and their permissions. See the Administration Guide.

When to use this option: Connect to Crowd if you want to use the full Crowd functionality to manage your directories, users and groups. You can connect your Crowd server to a number of directories of all types that Crowd supports, including custom directory connectors.

To connect HipChat Server to Crowd:

  1. Go to your Crowd Administration Console and define the HipChat Server to Crowd. See the Crowd documentation: Adding an Application.
  2. Browse to your server's fully qualified domain name, for example https://hipchat.yourcompany.com.
  3. Log into the HipChat Server web user interface (UI) using your administrator email and password. 
  4. Click Server admin > Directory.
  5. Add a directory and select type 'Atlassian Crowd'. Enter the settings as described below.
  6. Save the directory settings.
  7. Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
    • The order of the directories is the order in which they will be searched for users and groups.
    • Changes to users and groups will be made only in the first directory where the application has permission to make changes.
     For details see Managing Multiple Directories.

Notes:

  • If you have HipChat-Crowd-LDAP, every time the user logs in (i.e. first and subsequent times), the user's data in HipChat/Crowd will be updated from the user's data in LDAP. This includes username, display name, email and group memberships. However for group memberships, only the following applies:
    • direct groups only (i.e. not nested groups) are synchronised from LDAP.
    • only groups that are already present in HipChat Server are synchronised, i.e. groups are not added/removed, and group hierarchies are not synchronised.

Settings in HipChat Server for the Crowd Directory Type

Setting

Description

Name

A meaningful name that will help you to identify this Crowd server amongst your list of directory servers. Examples:

  • Crowd Data Center
  • Example Company Crowd

Server URL

The web address of your Crowd console server. Examples:

  • http://www.example.com:8095/crowd/
  • http://crowd.example.com

Application Name

The name of your application, as recognized by your Crowd server. Note that you will need to define the application in Crowd too, using the Crowd administration Console. See the Crowd documentation on adding an application.

Application Password

The password which the application will use when it authenticates against the Crowd framework as a client. This must be the same as the password you have registered in Crowd for this application. See the Crowd documentation on adding an application.

Crowd Permissions

Setting

Description

Read Only

The users, groups and memberships in this directory are retrieved from Crowd and can only be modified via Crowd. You cannot modify Crowd users, groups or memberships via the application administration screens.

Read/WriteNot applicable to HipChat Server.

 

Advanced Crowd Settings

Setting

Description

Enable Nested Groups

Enable or disable support for nested groups. Before enabling nested groups, please check to see if the user directory or directories in Crowd support nested groups. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups.

Synchronisation Interval (minutes)

Synchronisation is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes.

Connecting HipChat Server to JIRA applications

Subject to certain limitations, you can connect a number of Atlassian applications to a single JIRA application for centralized user management.

When to use this option: You can connect to a server running Jira 4.3 or later, Jira Software 7.0 or later, Jira Core 7.0 or later, or Jira Service Management (formerly Jira Service Desk) 3.0 or later. Choose this option as an alternative to Atlassian Crowd, for simple configurations with a limited number of users.

To delegate user management to a JIRA application:

  1. Configure the JIRA application to recognize HipChat Server:
    • Log in to the JIRA application as a user with the 'JIRA Administrators' global permission.
    • Choose  > User Management > User Server.
      (tick)Keyboard shortcut'g' + 'g' + start typing 'jira user'.
    • Add an application.
    • Enter the application name and password that HipChat Server will use when accessing the JIRA application.
    • Enter the IP address or addresses of HipChat Server.
    • Save the new application.
  1. Configure HipChat Server to delegate user management:
    • Browse to your server's fully qualified domain name, for example https://hipchat.yourcompany.com.
    • Log into the HipChat Server web user interface (UI) using your administrator email and password. 
    • Click Server admin > Directory.
    • Add a directory and select type 'Atlassian JIRA'.
    • Enter the settings as described below. When asked for the application name and password, enter the values that you defined in the settings on the JIRA application.
    • Save the directory settings.
    • Define the directory order by clicking the blue up- and down-arrows next to each directory on the 'User Directories' screen. Here is a summary of how the directory order affects the processing:
      • The order of the directories is the order in which they will be searched for users and groups.
      • Changes to users and groups will be made only in the first directory where the application has permission to make changes.
       For details see Managing Multiple Directories.

Settings for the JIRA Directory Type

Setting

Description

Name

A meaningful name that will help you to identify this Jira server in the list of directory servers. Examples:

  • Jira Software
  • My Company Jira

Server URL

The web address of your Jira server. Examples:

  • http://www.example.com:8080
  • http://jira.example.com

Application Name

The name used by your application when accessing the Jira server that acts as user manager. Note that you will also need to define your application to that Jira server, via the 'Other Applications' option in the 'Users, Groups & Roles' section of the 'Administration' menu.

Application Password

The password used by your application when accessing the Jira server that acts as user manager.

Permissions for the JIRA Directory Type

Setting

Description

Read Only

The users, groups and memberships in this directory are retrieved from the Jira server that is acting as user manager. They can only be modified via that JIRA server.

Advanced Settings for the JIRA Directory Type

Setting

Description

Enable Nested Groups

Enable or disable support for nested groups. Before enabling nested groups, please check to see if nested groups are enabled on the JIRA application that is acting as a user manager. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups.

Synchronisation Interval (minutes)

Synchronisation is the process by which the application updates its internal store of user data to agree with the data on the directory server. The application will send a request to your directory server every x minutes, where 'x' is the number specified here. The default value is 60 minutes.

 

Diagrams of Some Possible Configurations

Gliffy-Confluence-JIRA-Crowd

Diagram above: HipChat Server connecting to Crowd for user management.

 
Gliffy-JIRA-To-JIRA

Diagram above: HipChat Server connecting to a JIRA application for user management. The JIRA application does the user management, storing the user data in its internal directory.

 
Gliffy-Apps-To-JIRA-LDAP

Diagram above: HipChat Server connecting to a JIRA application for user management, with the JIRA application in turn connecting to an LDAP server.

RELATED TOPICS

Last modified on May 10, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.