Crowd SSO FAQ

By Knowledge Base posted 05-27-2015 21:57

  
Crowd provides single sign-on (SSO) across a number of applications. This means that users can log in just once to access different applications without having to log in to each one individually.  This article will take you through the basic information needed to incorporate Crowd with your Jama instance.


 If you would like more information about Crowd and where to get it please visit Atlassian’s
documentation


Jama works with a number of authentication applications including LDAP, Active Directory and Crowd.  Setting up Crowd with Jama is pretty straightforward.  If you need to set this up please visit our help documentation on Crowd setup.   One thing to note is that you can only set up one of these types of authentication with Jama at one time.

Once you have Crowd successfully set up a common configuration is setting Crowd up with SSL.  If you need help with configuring crowd please visit Atlassian’s documentation on configuring Crowd to Work with SSL.

As a note about setting up SSL with Crowd, you need to make sure you have your certificate installed into the correct location.  Make sure the certificate is installed under {JAVA_HOME}/jre/lib/security/cacertsYou will need to perform a restart of your Tomcat server after adding it.

Once you have Crowd configured to work with Jama there are a few other things you may want to know about the interaction between them.

Types of licensing selected by Crowd

Licensing with Crowd works differently than our other supported authentication products.  When you sync Crowd with Jama, Crowd will take any available named creator licenses and work its way down from there.  This can be an issue if you want all of those users to have floating licenses and save your named creator licenses for your admins.  If this happens you will need to reassign the correct licensing to the users.

How users are added to Jama with Crowd and how it is different from LDAP

Users are added differently in Crowd than they are in LDAP.  In LDAP you set up your connection and then search for each user you would like to add via Jama
> Admin > Users.


For Crowd it is a bit different; you will set up directories in Crowd for your users, and then once you set up the connection between Crowd and Jama, every single user from each directory mapped to your Jama app will be added to that instance. 

How syncing Crowd works with Jama

When you are syncing Crowd with Jama you will want to sync as infrequently as possible.  The reason for this is that Crowd sync is a memory-intensive process. On each sync, Jama pulls all the users from the database into memory and checks with Crowd for any changes.  If the user exists in Jama but not in Crowd then the user will be deactivated in Jama.  However, if the user exists in Crowd but not in Jama, it will be added to Jama.  It is suggested to perform Crowd synchronization only when you need to and not set it on a 5 or 10-minute cycle.

#administration
3 comments
171 views

Comments

06-23-2015 21:57

Thank you Jordan.  We will test SSO soon and this is great news. Less manual steps.

06-23-2015 21:49

Hello Victoria,

Yes when you update the users information and sync your Crowd instance in Jama the users information will be updated.

Regards,

Jordan

06-23-2015 19:59

Hi Jordan: We are an on-premises Jama customer. Right now, LDAP allows us to only do a one time pull from Active Directory into Jama and create a new user and new user profile. Then Active Directory and Jama are no longer synchronized. If we choose to use Crowd for Single-Sign-On, and then synchronize once in a while, will Jama update the user's profile from any Active Directory updates? For example, if the user's last name changes, phone number or email address changes and this changes are updated in Active Directory, will synchronizing Crowd update all these fields for the user in Jama too?

Thank you, Victoria