Integrating Bamboo with Crowd
You can configure Bamboo to use Atlassian Crowd for user and group management, and for authentication and authorization.
Atlassian Crowd is an application security framework that handles authentication and authorization for your web-based applications. With Crowd, you can integrate multiple web applications and user directories, with support for single sign-on (SSO) and centralized identity management. See the Crowd Administration Guide.
Connect to Crowd if you want to use Crowd to manage existing users and groups in multiple directory types, or if you have users of other web-based applications.
Step 1. Configuring Crowd to talk to Bamboo
Configure things on the Crowd side by following Step 1 in Integrating Crowd with Atlassian Bamboo, and then return to this page.
Step 2. Configuring Bamboo to talk to Crowd
- Log in as a user with Admin permission.
- In the Bamboo administration area, under Security, select User Directories.
- Select Add Directory and select Atlassian Crowd.
- Enter settings, as described below.
- Test and save the directory settings.
- Define the directory order, on the Directories tab, by clicking the blue up- and down-arrows next to each directory. The directory order has the following effects:
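  - The directory order is the order in which users and groups are searched.
  - Changes to users and groups are made only in the first directory where the application has permission to make changes.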
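Server settings
Setting | Description |
---|---|
Name | A meaningful name that helps you identify this Crowd server in the list of directory servers. Example: |
Server URL | The web address of your Crowd console server. Example: |
Application Name | The name of your application, as recognized by your Crowd server. You must also define the application in Crowd, using the Crowd administration console. See the Crowd documentation on adding an application. |
Application Password | The password that the application uses when it authenticates against the Crowd framework as a client. This must be the same as the password you registered in Crowd for this application. See the Crowd documentation on adding an application. |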
Crowd permissions
Bamboo offers Read Only permissions for Crowd directories. The users, groups, and memberships in Crowd directories are retrieved from Crowd and can only be modified from Crowd. You can't modify Crowd users, groups, or memberships using the Bamboo administration screens.
Advanced settings
Setting | Description |
---|---|
Enable Nested Groups | Enable or disable support for nested groups. Before enabling nested groups, check to see if the user directory or directories in Crowd support nested groups. When nested groups are enabled, you can define a group as a member of another group. If you are using groups to manage permissions, you can create nested groups to allow inheritance of permissions from one group to its sub-groups. |
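Enable Incremental Synchronization | Enable or disable incremental synchronization. When a directory is synchronized, only the changes made since the last synchronization are retrieved. A full synchronization is always performed when the application restarts. |
Synchronization Interval (minutes) | Synchronization is the process by which the application updates its internal store of user data with the data on the directory server. The application sends a request to the directory server every x minutes, where x is the number specified here. The default value is 60 minutes. |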
Single sign-on (SSO) with Crowd
Bamboo supports Crowd SSO 2.0. Learn how to configure Crowd SSO 2.0.
For more information, see Overview of SSO.
Using multiple directories
When Bamboo is connected to Crowd, you can map Bamboo to multiple user directories in Crowd.
For Crowd 2.8, and later versions, there are two different membership schemes that Crowd can use when multiple directories are mapped to an integrated application, and duplicate user names and group names are used across those directories. The schemes are called 'aggregating membership' and 'non-aggregating membership' and are used to determine the effective group memberships that Bamboo uses for authorization. See Effective memberships with multiple directories for more information about these two schemes in Crowd.
Note:
- Authentication, for when Bamboo is mapped to multiple directories in Crowd, only depends on the mapped groups in those directories – the aggregation scheme is not involved at all.
- For inactive users, Bamboo only checks if the user is active in the first (highest priority) directory in which they are found to determine authentication. The membership schemes described above are not used when Crowd determines if a user should have access to Bamboo.
- When a user is added to a group, they are only added to the first writeable directory available, in priority order.
- When non-aggregating membership is used, a user is removed from a group only in the first directory in which the user appears. With aggregated membership, the user is removed from the group in all directories in which the user exists.
An administrator can set the aggregation scheme that Bamboo uses when integrated with Crowd. Go to the Directories tab for the Bamboo instance in Crowd, and check Aggregate group memberships across directories to use the 'aggregating membership' scheme. When the checkbox is clear, 'non-aggregating membership' is used.
Note that changing the aggregation scheme can affect the authorization permissions for your Bamboo users, and how directory update operations are performed.
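To review that impact before changing the checkbox, the following added Python example (not Atlassian code) models both schemes and reports which users would gain or lose groups. It assumes that 'aggregating' means the union of a user's groups across every mapped directory containing the user and 'non-aggregating' means only the first such directory, as described in Crowd's effective-memberships documentation rather than on this page; all directory, user and group names are constructed.

```python
# Constructed sample data: mapped directories in priority order (highest first).
DIRECTORIES = [
    {"name": "ldap-corp", "users": {
        "alice": {"active": True, "groups": {"bamboo-users"}},
        "bob": {"active": False, "groups": {"bamboo-users"}},
    }},
    {"name": "crowd-internal", "users": {
        "alice": {"active": True, "groups": {"bamboo-admin"}},
        "bob": {"active": True, "groups": {"bamboo-admin"}},
        "carol": {"active": True, "groups": {"bamboo-users"}},
    }},
]

def holders(directories, user):
    """Directories, in priority order, that contain the user."""
    return [d for d in directories if user in d["users"]]

def is_active(directories, user):
    """Only the first directory in which the user is found decides 'active'."""
    found = holders(directories, user)
    return bool(found) and found[0]["users"][user]["active"]

def effective_groups(directories, user, aggregate):
    """Groups used for authorization under the chosen scheme (assumed semantics)."""
    found = holders(directories, user)
    if not found:
        return set()
    if not aggregate:
        return set(found[0]["users"][user]["groups"])
    return set().union(*(d["users"][user]["groups"] for d in found))

def scheme_change_report(directories, aggregate_now):
    """Users whose effective groups differ if the checkbox is flipped."""
    report = {}
    for user in sorted({u for d in directories for u in d["users"]}):
        before = effective_groups(directories, user, aggregate_now)
        after = effective_groups(directories, user, not aggregate_now)
        if before != after:
            report[user] = {
                "gained": sorted(after - before),
                "lost": sorted(before - after),
                "active": is_active(directories, user),
            }
    return report

if __name__ == "__main__":
    for user, delta in scheme_change_report(DIRECTORIES, aggregate_now=False).items():
        print(user, delta)
```

Users listed with a privileged group under "gained" are the ones to review before enabling aggregation; a user reported as inactive still appears, because the active flag is taken from the first directory only.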