we (a team of about 150) are considering moving our ALM solution from Bugzilla/CVS to Jira/svn/Confluence/Bamboo/Fisheye. SO has a lot of good info on those, but I would be interested to learn about another tool from Atlassian - a Single Sign On (SSO) Crowd , I am considering adding it to the mix for an LDAP integration with our Novell id's. has someone had any experience with Crowd? how does it handle 100/200/500 (after recession, that is) users? any tips/tricks? would you choose different, open source SSO solutions? thanks EDIT: a year has passed... We got Crowd and went with ActiveDirectory integration along with internal Crowd directory (for short-term contractors, etc.). So far the solution works just great. EDIT2: Another year: still going strong (We have 1K users now). Nested groups is a killer feature, thankfully it is working fine after last point release. EDIT3: mid-2012 - 7.5K users - going strong. with a little automation for onboarding (Confluence pages with Ajaxified forms + a little Crowd plugin)

Reputation: 1262

Atlassian Crowd experiences?

we (a team of about 150) are considering moving our ALM solution from Bugzilla/CVS to Jira/svn/Confluence/Bamboo/Fisheye. SO has a lot of good info on those, but I would be interested to learn about another tool from Atlassian - a Single Sign On (SSO) Crowd, I am considering adding it to the mix for an LDAP integration with our Novell id's.

has someone had any experience with Crowd?
how does it handle 100/200/500 (after recession, that is) users?
any tips/tricks?
would you choose different, open source SSO solutions?

thanks

EDIT: a year has passed...

We got Crowd and went with ActiveDirectory integration along with internal Crowd directory (for short-term contractors, etc.). So far the solution works just great.

EDIT2: Another year: still going strong (We have 1K users now). Nested groups is a killer feature, thankfully it is working fine after last point release.

EDIT3: mid-2012 - 7.5K users - going strong. with a little automation for onboarding (Confluence pages with Ajaxified forms + a little Crowd plugin)

Upvotes: 30

Answers (5)

Markus

Reputation: 2183

We have also Crowd installed and connected within the Atlassian product family. It is backed by a corporate LDAP (M$ AD). So far it is great and works pretty well.

BUT currently we're struggling with integration of so called custom applications. We have e.g. Prometheus for monitoring data which doesn't have any authentication built in. So we have an Apache 2.4 in front as SSL endpoint. To add authentication we considered integrating it with Crowd. There is a Apache Crowd connector that is no longer supported (which would be fine by me). There are only the sources available, but built on Apache 2.2. We have to use Apache 2.4 (corporate policy) where some of the required API has been removed.

So either we invest considerable amount of time to migrate the Connector to current Apache API or we do something else (like using a generic LDAP connector towards AD). Which makes the whole Crowd idea a bit a two sided sword for us. (We wanted to centralize user management within our project into a single tool like Crowd to get rid of corporate processes and regulations on the central LDAP).

UPDATE: We now use https://github.com/fgimian/cwdapache connector for Apache 2.4 (with slight adaptions it can be built for Ubuntu 16.04). This adds support for Apache Basic Auth with Crowd groups/users.

UDAPTE2: Bitbucket, Jira, Confluence, Crucible work out of the box of course. User migration is a bit cumbersome though (renaming old users and then integrate with Crowd or use unsupported SQLs).

Jenkins 2 and Nexus 3 seem to work fine.

FURTHER DOWN THE ROAD: Right now I am considering Crowd as a centralized tool for identity and access management for Atlassian products. There it works fine and does what it should. Integrating numerous other applications just sucks since available integrations are not supported/updated. Example: if you want to have Crowd authentication with nginx there is nothing usable available. There is a OpenId Connect module available, but Crowd lacks support for that (they only support outdated OpenId v2.0). Not even talking about OAuth. There is a Atlassian OAuth library, but Crowd doesn't have it yet (or will ever). Even the Google Apps support will vanish, since Google dropped support: https://developers.google.com/identity/protocols/OpenID2Migration

Upvotes: 0

sorin

Reputation: 170808

I do have few installations of Crowd with over 16000 users, most comming from LDAP/Active Directory and I would say that the performance would not be a problem but there are other problems which Atlassian did considered solving in years:

There is no auto account creation/registration in crowd
None of the Atlassian products allows people to register accounts with an email validation
There is no way to prevent people from creating several accounts with the same email address.
SSO works only if you have only one domain.

If you do no have many users you can configure Confluence to coonect to Jira directly instead of using Crowd. Atlassian products do already have an interal crowd instance in them, but its performance is limited to about 200 users or so (it's more about the number of authentications made, not the total number of users).

Considering the above limitations, I would summarize that Crowd is far overpriced for what it delivers, unless you are getting a free license if you are eligible.

Upvotes: 2

Steve Lane

Reputation: 769

We're using Crowd with about 80 users and expect that number to climb into the hundred when we roll it out for client access. Crowd is important to us because it allows us to integrate Jira and Confluence (the Atlassian wiki) with SSO, which is critical.

Crowd works well for us but it does have some quirks. We are using it to draw authentications from Active Directory. There are some things that are a little inelegant. We need to do some more digging to troubleshoot those.

But that aside, Crowd is a big win for us, for these two reasons:

SSO across Atlassian apps
Ability to have our internal users drawn from Active Directory, and add clients directly to Crowd and not bog down AD

We're very happy with all the Atlassian tools.

Upvotes: 4

doflynn

Reputation: 117

Major disclosure: I'm the Crowd Product Manager. So, apply as much NaCl as you think wise.

I'd be very surprised if you had any issues with 500 users. Especially since Novell seems to be one of the better directory servers in terms of performance. The only time I'd expect to see problems is if your Crowd server and Novell directory server are on opposite sides of the world. Don't do that unless you have to :-)

We have plenty of users connecting thousands of users to JIRA, Confluence, and the Dev Tools with Crowd.

Any issues - drop us a line ([email protected] or http://support.atlassian.com) and we'll help out.

Cheers, Dave.

ps: I hope that didn't come off as a sales pitch or "we make magic products that are perfect in every possible way, now give us your money!"

Upvotes: 15

gareth_bowles

Reputation: 21150

I haven't had experience with Crowd on such a large set of users as yours, but I did find it very easy to set up and manage our JIRA, Confluence and SVN instances with Crowd (we only have 25 users). It will handle Apache authentication as well, so I'm planning to switch our various authenticated Web sites to Crowd as well.

According to Atlassian's site, Crowd should easily be able to handle 500 users; there are some useful case studies and Webinar recordings on the site that will tell you more.

Upvotes: 3

Atlassian Crowd experiences?

Answers (5)

Related Questions