We've recently installed Crowd in our Test environment, which has Bitbucket (BB), JIRA, and Confluence. We've created a Delegated AD directory in Crowd, and we can manually add AD/LDAP-based users to that Directory. We'd like to use this Directory for ALL of the apps, so we only have to create users in one Directory, and so that groups are consistent across all apps.
We added 12 users to Crowd, and put all of them into a "bitbucket-users" group.
We created an Application for BB in Crowd, and configured it so that only members of the bitbucket-users group can log into the Application. We then linked BB to this Crowd Directory/Application, and the users can log in. Removing a user from the bitbucket-users group (and re-sync'ing the Dir inside BB) prevents the user from logging in. Up to that point, everything seemed to work exactly as wanted.
However, after removing some users from the bitbucket-users group as described above, the BB license count does NOT go down. Since BB can see the whole Crowd Directory (12 users), it's assigning licenses to all 12 of them. However, only 10 of them can login, after removing 2 of them from the bitbucket-users group.
We need BB to only consume 10 licenses (the # of users in the bitbucket-users group, i.e., the # of users who can actually login), and to NOT consume a license for every user in the Directory. We have 250 BB licenses, and 2000 Confluence licenses, but if we add our 2000 Confluence users to the same Directory (using different groups), BB will still see those 2000 users and we'll be over our license limit.
I'm hoping that I'm missing something, but if not, I see some options, none of which I love:
Is there anything I'm missing, or better ways to do this? How do others set up their Crowd Directories and Applications?
Thanks,
Jim
Hi James,
Currently the list of groups defined for the application in Crowd limits which users can authenticate, but doesn't impact synchronisation (i.e. all users and groups from the directories assigned to the application will be synchronised). There's a feature request to change this behaviour here. Please have a look, vote for it and comment with your use case.
In the interim you should be able to keep using a shared directory by making sure that only the 'bitbucket-users' group has the 'Bitbucket User' global permission in Bitbucket Server. This will cause only users that are members of that group to consume a license in Bitbucket, while other users will not. See here for more details on configuring global permissions in Bitbucket Server.
Thanks, you're right. I wasn't watching the "Bitbucket User" global permission closely enough. Several of the folks I was removing from the bitbucket-users group were also directly in the "Bitbucket User" global permissions as admins, so removing them from the group was not affecting the license count since they still had global permissions.
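The pitfall resolved in this thread, as an added example that is not part of the original posts and not Atlassian's code: a simplified model in which a user consumes a license when they hold a global permission through a group or through a direct grant. The user names, sample data and function names are constructed, and treating every global permission level as license-consuming is an assumption of the model.

```python
from collections import defaultdict

# Constructed sample data (not from the thread): directory groups and global grants.
GROUP_MEMBERS = {
    "bitbucket-users": {"alice", "bob", "carol"},
    "confluence-users": {"alice", "dave", "erin"},
}
GROUP_GRANTS = {"bitbucket-users": "Bitbucket User"}  # group -> global permission
USER_GRANTS = {"bob": "Admin", "frank": "Admin"}      # user -> direct global permission


def license_reasons(group_members, group_grants, user_grants):
    """Map each license-consuming user to every grant that makes them count.

    Assumption: any global permission (group-based or direct) consumes a license.
    Users who are only synchronised from the directory do not appear.
    """
    reasons = defaultdict(list)
    for group, permission in group_grants.items():
        for user in group_members.get(group, ()):
            reasons[user].append(f"group:{group} ({permission})")
    for user, permission in user_grants.items():
        reasons[user].append(f"direct ({permission})")
    return {user: sorted(why) for user, why in reasons.items()}


def direct_only(group_members, group_grants, user_grants):
    """Users licensed solely by a direct grant; group removal will not free their seat."""
    via_group = set()
    for group in group_grants:
        via_group |= group_members.get(group, set())
    return sorted(set(user_grants) - via_group)


def remove_from_group(group_members, group, user):
    """Return a copy of the memberships with one user removed from one group."""
    updated = {name: set(members) for name, members in group_members.items()}
    updated[group].discard(user)
    return updated


if __name__ == "__main__":
    before = license_reasons(GROUP_MEMBERS, GROUP_GRANTS, USER_GRANTS)
    changed = remove_from_group(GROUP_MEMBERS, "bitbucket-users", "bob")
    after = license_reasons(changed, GROUP_GRANTS, USER_GRANTS)
    print("licenses before:", len(before), "after removing bob:", len(after))
    for user in direct_only(changed, GROUP_GRANTS, USER_GRANTS):
        print(f"{user} still licensed via {after[user]}")
```

Removing `bob` from the group leaves the count unchanged because his direct grant remains; `dave` and `erin` are in the shared directory but never consume a license.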