The Google App Connector comes standard with Crowd from Atlassian and can be configured directly in Crowd Administration. The Google App Connector for Crowd allows you to actively use single sign-on (SSO) for your apps and open apps like Docs or Sheets from Jira or Confluence without further authentication.
Learn how to use the Google App Connector in Crowd below.
What is Single Sign-On (SSO)?
Simply put, single sign-on allows you to log into multiple apps (here Atlassian Software and Google Apps) with just one account and use them simultaneously. I'm sure you're familiar with this from apps. You log into your Gmail and can also use Google Docs or Meets at the same time.
How does SSO work with the Google App Conntector?
So in the case of Google Apps, the authentication is your Google user ID and password. Google Apps handles the SSO part with its Google Account website.
When you sign in to Gmail in the morning, you'll be prompted to enter your authentication information on the Google Account website, which will then redirect your browser back to GMail if authentication is successful.
Your Google Account remembers that you successfully authenticated this morning, so when you visit a Docs & Sheets page later in the day, it redirects again. This eliminates the need to re-authenticate.
In colloquial terms, it means:
- Authenticate: The data used to authenticate a user.
- SSO - When you log in to one app, you don't have to log in to another app to access it (at least for a period of time in the same browser).
The great advantage of using Google as SSO solution for Atlassian Crowd is that you can configure the SSO functionality yourself.
Learn how to configure and use the Google App Connector for Crowd here:
Configuring the Google Apps Connector for Crowd
Requirements - YOU need the Google Suite
To Single sign-on in Google Workspace you need the Premier, Education, or Partner edition of Google Workspace. The free standard version of Workspace does not support SSO. So be sure to check your version beforehand and upgrade if necessary.
Step 1: Configuration of the crowd application, directories and group details
In this step, you'll enter the Google App Connector application details into Crowd. You can manage access to Google Apps by connecting people directories and/or groups to the apps.
9 Steps to Configure the Google App Connector in Crowd
- Log in to the Crowd Administration Console.
- Click the Applications tab in the top navigation bar.
- Click on the link for the application name "Google Apps".
- If necessary, you can change the description. Make sure that the "Active" checkbox remains ticked.
- Click the Directories tab and select one or more user directories that contain the users you want to have access to Google Apps.
- To specify which users within the directory are allowed to authenticate to the application, you can either:
- On the Directories tab, change the Allow all to authenticate option to True. This will allow all users in that directory to sign in to Google Apps. (The default setting is False).
- On the Groups tab, use the Add button to select one or more user groups.
- Click the Permissions tab and set the directory permissions for the application.
- If necessary, you can change the application options on the Options tab:
- Lowercase output - See Forcing lowercase user names and groups for an application.
- Enable Aliasing - See Specifying a User's Aliases.
- Click on the Configuration tab and create your SSO keys as described in step 2.
Step 2: Generation of Single-Sign-On (SSO) authentication keys
To be able to link your Google Apps with Crowd, authentication keys must now be created. On the one hand, a "Public Key" and a "Private Key". To do this, go to "Configuration" in the open window and click "Create new keys".
With Atlassian Crowd you generate a public key and a private key and store them in the crowd.
Database. After the keys are created, you will see the message "DSA key generated and saved successfully".
Step 3: Configure Google Workspace and connect to Crowd
In order for Google to communicate with Crowd, the SSO must be adjusted in the Google Workspace Admin environment. Only then is authentication with Google Apps possible.
Here's how to configure Google Apps to recognize Crowd:
- Sign in as an administrator in your Google Apps dashboard.
- Then click on 'Security'.
- Navigate to 'Advanced Settings'.
- Click on single sign-on (SSO) set up.
- Copy the URLs from the Crowd configuration screen (see above) and paste them into the Google Apps screen.
- Now upload the public key Crowd created for you in step 2 above:
- Now click Browse under "Verification Certificate".
- In Crowd, navigate to the Google Apps configuration and download the public key by clicking the Download button next to the label Public key click.
- Select the public key certificate (filename DSAPublic.key) and upload it to Google Apps.
- If required for your network configuration, select the check box a domain-specific issuer and enter all required network masks in Google Apps. For instructions on these settings, see the documentation.
- Save your changes last.
Step 4: Verify that users can authenticate with Google
In the last step, it is important to verify that the Google App Connector configuration with Crowd was successful.
Proceed as follows:
- In the Crowd Admin interface and app configuration, go to the "Authentication Test" tab.
- Enter your login information or the login information of a test user and click on "Test".
- Once you've set them all up correctly, you'll get a success message and you're done.
With this, you have successfully configured the Google App Connector in Crowd and all your users no longer need to sign in to Cloud Apps individually.
The username must exist in both Google Apps and Crowd.
The username must exist and be identical in both Google Apps and Crowd. The Crowd Google Apps Connector does not support adding users automatically. If the user exists in Crowd but not in Google Apps, they will not be able to sign in.
Need help configuring your Crowd application or other Atlassian software like Jira or Confluence? You can find more information here: XALT Atlassian Services.