There are two approaches available to manage what privileges a Crowd user has when they login to Nexus.
Mapping Crowd Groups to Nexus Roles is preferable because there is less configuration is involved overall in Nexus and assigning users to Crowd groups can be centrally managed inside of Crowd by your security team after the initial Nexus setup
When mapping a Crowd group to a Nexus role, you are specifying the permissions ( via roles ) that users within the Crowd group will have after they authenticate to Nexus.
To map a Crowd group to a Nexus role, open the Roles panel by clicking on the Roles link under the Security section of the Nexus sidebar menu. Click on the Add… button and select External Role Mapping as shown in Figure 9.7, “Adding an External Role Mapping” and the Map External Role dialog.
After choosing the Crowd realm, the Role drop-down should list all the Crowd groups the nexus crowd application has access to. Select the group to would like to map in the Role field and click Create Mapping.
If you have two or more groups in Crowd accessible to the nexus application with the same name but in different directories, Nexus will only list the first one that Crowd finds. Therefore, Crowd administrators should avoid identically named groups in Crowd directories.
Before saving the group-to-role mapping, you must add at least one Nexus role to the mapped group. After you have added the Nexus roles using the Add button, click the Save button.
Saved mappings will appear in the list of Nexus Roles with a mapping value of Crowd, as shown in Figure 9.10, “Mapped External Crowd dev Group to Nexus Developers Role”.
To illustrate this feature, consider the Crowd server user with an id
brian. As visible in the Crowd administrative interface in
Figure 9.11, “Crowd Groups for User "brian"”, the user is a member of the
To add an External User Role Mapping, open the Users panel in Nexus by clicking Users in the Security section of the Nexus sidebar menu.
Click on the Add… button and select External User Role Mapping from the drop-down as shown in Figure 9.12, “Adding an External User Role Mapping”.
Selecting External User Role Mapping will show a mapping panel where you can locate a user by Crowd user id.
Typing the Crowd user id - for example
brian - in the Enter a User
ID field and clicking the magnifying glass icon, will cause Nexus to
search for a user ID
brian in all known realms, including Crowd.
Once you locate the Crowd user, use Add button to add Nexus roles to
the Crowd User. You must map at least one Nexus role to the Crowd
managed user in order to Save. Figure 9.14, “Mapped External Crowd User Example”
displays the brian Crowd realm user as a member of the dev Crowd
group and the mapped Nexus role called Nexus Administator
Role. External groups like
dev are bolded in the Role Managment