Child pages
  • Crowd Provisioning Plugin
Skip to end of metadata
Go to start of metadata

The Crowd Provisioning Plugin provisions CO Person and CO Group records to Atlassian Crowd.

Operations

Registry CO Person Transaction

Crowd Action

Add

Synchronize the CO Person and their CO Group Memberships

Edit

Synchronize the CO Person and their CO Group Memberships

Enter Grace Period

No changes (unless attributes change as part of grace period)

Expiration / Becomes Inactive

Set the Crowd record to Inactive

Unexpire / Becomes Active

Set the Crowd record to Active

Delete

Remove the Crowd record

Manual Provision

Synchronize the CO Person and their CO Group Memberships

When provisioning a CO Person, the plugin will not create Crowd groups that do not already exist.

Registry CO Group Transaction

Crowd Action

Add

Synchronize the CO Group and its Memberships

Edit

Synchronize the CO Group and its Memberships

Renaming a group is not fully supported

If a CO Group is renamed, a new corresponding group will be created in Crowd. The old Crowd group will be left in place, including its memberships. As the CO People associated with the old group are reprovisioned, their memberships in the old Crowd group will be removed.

Delete

Remove the Crowd group

Manual Provision

Synchronize the CO Group and its Memberships

When provisioning a CO Group, the plugin will not create a Crowd person that does not already exist.

Installation

This is a non-core plugin, see Installing and Enabling Registry Plugins for more information.

This plugin requires PHP 7 or later (for random_bytes).

Configuration

This is a non-core plugin, see Installing and Enabling Registry Plugins for more information.

  1. Crowd clients are Applications, not Users. That is, Registry will be configured to be an Application that has access to Crowd. Start by creating a new Application (and its Directory).
    1. Login to Crowd as an administrator.
    2. Create a new Directory that will be for the exclusive use of Registry. This is where CO People and CO Groups will be synchronized to.
      1. Crowd > Directories > Add directory
        1. Directory Type: Internal
        2. Under the Permissions tab, make sure all permissions are enabled
    3. Create a new Application that corresponds to Registry.
      1. Crowd > Applications > Add application
        1. Application Type: Generic Application
        2. The password you set here will be used later in the Registry Provisioner Plugin configuration.
        3. When prompted, enter the top level Registry URL for the application URL, ie: https://registry.yourdomain.org/registry
        4. Enter your server's IP address for Remote IP address. Crowd restricts application client access to registered IP addresses.
          1. If using a reverse proxy, set the address to 127.0.0.1.
        5. Select the Directory you created in the previous step as the Directory to use with this Application.
  2. Define a new Server in Registry.
    1. Servers > Add a New Server
    2. Server Type: HTTP
    3. On the next page, configure the Server as follows
      1. Server URL: https://crowd.yourdomain.org/crowd/rest/ (Be sure to include /crowd/rest/ in the URL)
      2. Username and Password: Use the username and password you set in the Crowd Application configuration in the previous step
  3. Configure a new Provisioning Target in Registry.
    1. Configuration > Provisioning Targets > Add Provisioning Target
      1. Plugin: CrowdProvisioner
      2. On the next page, select the Server created in the previous step, as well as the identifier type that will be used as the person's Crowd username.
  4. Manually reprovision any existing Registry CO Groups that you wish to create in Crowd. After installation, all new CO Groups will automatically be created in Crowd.
  5. Manually reprovision any existing Registry CO People that you wish to create in Crowd. After installation, all new CO People will automatically be created in Crowd.

Important Constraints

  • Registry assumes it has full management of Crowd groups for groups that Registry knows about. If a group membership is directly added to Crowd, it will be removed on CO Group provisioning actions.
  • As documented above, renaming a CO Group is not fully supported.

See Also

  • No labels