Versions Compared

Old Version 2

changes.mady.by.user Scott Koranda

Saved on

compared with

New Version Current

changes.mady.by.user Benn Oshrin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt
Registry v4.0.0 introduces the Jira Provisioning Plugin, which provisions CO Person and CO Group records to Atlassian Jira.


Panel

Table of Contents

Operations

Registry CO Person Transaction

Jira Action

Add

Synchronize the CO Person and their CO Group Memberships

Edit

Synchronize the CO Person and their CO Group Memberships

Enter Grace Period

No changes (unless attributes change as part of grace period)

Expiration / Becomes Inactive

Set the Jira record to Inactive

Unexpire / Becomes Active

Set the Jira record to Active

Delete

Remove or set to Inactive the Jira record (depending on configuration)

Manual Provision

Synchronize the CO Person and their CO Group Memberships

...

Registry CO Group Transaction

Crowd Jira Action

Add

Synchronize the CO Group and its Memberships

Edit

Synchronize the CO Group and its Memberships

Note
titleRenaming a group is not fully supported

If a CO Group is renamed, a new corresponding group will be created in CrowdJira. The old Crowd Jira group will be left in place, including its memberships. As the CO People associated with the old group are reprovisioned, their memberships in the old Crowd Jira group will be removed.


Delete

Remove the Crowd Jira group

Manual Provision

Synchronize the CO Group and its Memberships

...

Note

When provisioning a CO Group, the plugin will not create a Crowd Jira person that does not already exist.

...

This is a non-core plugin, see Installing and Enabling Registry Plugins for more information.

  1. Crowd clients are Applications, not Users. That is, Registry will be configured to be an Application that has access to Crowd. Start by creating a new Application (and its Directory)The plugin invokes the Jira REST API as a privileged user.
    1. Login to Crowd Jira as an administrator and click on the gear icon to access the JIRA ADMINISTRATION menu. Choose User management from the menu.
    2. Click the Create user button and complete and submit the form to create a new user with username and password.
    3. Return to the User management view and click Groups to view the Groups pane.
    4. Use the Filter group text box to search for and find the jira-system-administrators group. Click on the jira-system-administrators group to view its details.
    5. Click on Add/Remove Users.
    6. Add the user you just created to the jira-system-administrators group a new Directory that will be for the exclusive use of Registry. This is where CO People and CO Groups will be synchronized to.
      1. Crowd > Directories > Add directory
        1. Directory Type: Internal
        2. Under the Permissions tab, make sure all permissions are enabled
      Create a new Application that corresponds to Registry.Crowd > Applications > Add application
    7. Application Type: Generic Application
    8. The password you set here will be used later in the Registry Provisioner Plugin configuration.
    9. When prompted, enter the top level Registry URL for the application URL, ie: https://registry.yourdomain.org/registry
    10. Enter your server's IP address for Remote IP address. Crowd restricts application client access to registered IP addresses.
      1. If using a reverse proxy, set the address to 127.0.0.1.
      11. Select the Directory you created in the previous step as the Directory to use with this Application.
  2. Define a new Server in Registry.
    1. Servers > Add a New Server
    2. Server Type: HTTP
    3. On the next page, configure the Server as follows
      1. Server URL:  httpshttps://crowdyour.yourdomain.org/crowd/rest/ (Be sure to include /crowd/rest/ in the URL)server.fqdn
      2. Username and Password: Use the username and password you set in the Crowd Application configuration for the privileged user in the jira-system-administrators group in Jira that you created in the previous step.
      3. For Registry v4.1.0 and later, set HTTP Authentication Type to Basic.
  3. Configure a new Provisioning Target in Registry.: Configuration > Provisioning Targets > Add Provisioning Target
    1. Description: Provide a description for this target, e.g. Collaboration Jira
    2. Plugin: CrowdProvisionerJiraProvisioner
    3. On the next page:
      1. Select , select the Server created in the previous step, as well as the identifier .
      2. Select the Identifier type that will be used as the person's Crowd username.Jira username.
      3. Older versions of Jira relied entirely on a username and did not create an immutable key to uniquely identify each user. Upgraded Jira deployments may still have user objects that do not include a key. Tick the box to query Jira for users by both key and username if your Jira deployment is older or has been upgraded and may still contain user objects without a key.
      4. If not all users should be provisioned to Jira (e.g., to help manage license costs), choose a CO Group and only members of that group will be provisioned to Jira.
      5. Tick the box for Delete is Deactivate if Jira users should be set to inactive instead of being deleted when they are deleted from Registry.
      6. If not all CO Groups should be provisioned to Jira select a Group Identifier Type and only groups with an Identifier of that type attached will be provisioned to Jira.
      7. To cause the name of the group in Jira to be the value of the Group Identifier Type tick the box for Group Name From Identifier.
      8. Tick the box if the plugin should remove users in Jira groups that it does not recognize as provisioned users from Registry.
  4. Manually reprovision any existing Registry CO Groups that you wish to create in CrowdJira. After installation, all new CO Groups will automatically be created in CrowdJira (depending on configuration for Group Identifier Type).
  5. Manually reprovision any existing Registry CO People that you wish to create in CrowdJira. After installation, all new CO People will automatically be created in CrowdJira (depending on configuration for Provisioning Group).

Note
titleImportant Constraints
  • Registry assumes it has full management of Crowd groups for groups that Registry knows about. If a group membership is directly added to Crowd, it will be removed on CO Group provisioning actions.

    • As documented above, renaming a CO Group is not fully supported.

    See Also