Documentation's navigation


On this page


Synchronization of Users and Groups

While space privacy is deactivated, group memberships may change or users may be deleted. These changes are synchronized whenever the app is updated or reactivated. This may take a long time if you have a large number of extranet spaces and groups, so don't worry.

 

Here's what you need to do to activate the synchronization of users and groups.

Navigate to Confluence administration → Space Privacy → Maintenance & Support → Synchronization.

Click on the Synchronization of Users and Groups tab. Then, activate the Activate synchronization (recommended) checkbox.

Please note

Make sure you run the activation sync task only if you have a Lucene search index!

If you remove it manually and rebuild it from scratch, unset the checkbox here.



Additionally, you can run the synchronization manually. We explain how to do it further below.

If you can ensure that users and their extranet-related group memberships did not change while the app is deactivated, you can speed up the activation of space privacy by unchecking this option.


Automatic synchronization and LDAP

User synchronization with an LDAP directory can lead to unwanted issues.

Usually, when a user is created within LDAP, this user is not assigned to any user group.

Once Space Privacy runs the automatic synchronization, the new user will be added to the system. Then, once the user logs in, they are automatically assigned to the "confluence-user" group.

This means that the user will be able to see everyone and everything!

 

To prevent this from happening, you have to assign every user the right user group directly in your LDAP directory and then manually synchronize users and user groups.


You can also schedule the synchronization of users and groups to run on a regular basis.

You can find the corresponding job in the administration area under Scheduled Jobs under the name Space Privacy - Sync Groups and Members. The job is set to 2099 because it is only needed for nested groups.

If you want it to run every hour, for example, you can enter the following value.

0 0 * * * ? * 

Please note: Depending on the number of groups and group members, this job may increase the memory and CPU usage. If this has a negative impact on the performance of the application, then please configure the job to run at off-peak hours.


For further information, click here.


Manual Synchronization (Users and Groups)

To ensure that all users and groups in your extranet are up-to-date, you can synchronize them manually.

Manual synchronization can fix visibility problems or other inconsistencies in the app. This will also fix improper permission changes made by (space) administrators that wrongly impacted the extranet privacy settings.

 

To start a manual synchronization, navigate to Confluence administration → Space Privacy → Maintenance & Support → Synchronization.

Click on the Manual Synchronization (Users and Groups) tab to open it.

Now, click on the Start now button to start the manual synchronization.

Please note that while one of these tasks is running, you can not configure your extranet spaces (for example add new extranet users). Privacy and visibility checks still work as expected.


Important notice regarding licenses

Manual synchronization synchronizes every user in your AD. This COULD lead to a potential synchronization of hundreds or thousands users (hypothetically speaking). Be careful, since one synchronized user = one activated license.


Fix Permissions

Fix global extranet access

If you assign existing groups to an extranet space, the app sets content permissions for that space. When somebody has changed these permissions manually, you can run this tool to fix the permissions.


To do so, navigate to Confluence administration → Space Privacy → Maintenance & Support → Synchronization.

Click on the Fix Permissions tab to open it.

In the Fix global extranet access section, click on the Start now button.

Please note that all extranet group permissions will be reset. All memberships to extranet space groups which were changed outside of the extranet space management will be reverted, too.

Permissions that were defined within the space tools of a space remain unchanged by this action.

Fix access to extranet spaces

All users assigned to an extranet space are added to the group "extranet users". In case somebody has changed the "extranet-users" group memberships manually, you can run this tool to fix/restore the memberships.


To do so, navigate to Confluence administration → Space Privacy → Maintenance & Support → Synchronization.

Click on the Fix Permissions tab to open it.

In the Fix access to extranet spaces section, click on the Start now button.

 

Fix group permissions

The content permissions for individual users are managed by pre-defined extranet groups (for example extranet-SPACEKEY-user-consumer). If these groups are deleted or changed, you can run this tool to fix the extranet groups.

To do so, navigate to Confluence administration → Space Privacy → Maintenance & Support → Synchronization.

Click on the Fix Permissions tab to open it.

In the Fix group permissions section, click on the Start now button.

 


Safety Guidelines

We strongly recommend the following Confluence configuration settings to avoid potential security risks:

Make sure people are not allowed to register their own accounts, especially without restriction to your domain.

If you allow anonymous access, make sure anonymous users don't have permission to create or edit anything anywhere (pages, blogposts, comments, attachments etc. in any space).
     
If you configure your instance differently, you do so at your own risk.





☁️ Looking for a Cloud-based Intranet?

Check out Mantra, your go-to alternative to Linchpin in the Atlassian Cloud!

Mantra is your a comprehensive solution for connecting teams, making collaboration a breeze, and keeping your company's internal communication strong and streamlined - all in the cloud.

Test the intranet for Confluence Cloud now for free: 


Discover Mantra


This page was last edited on 11/15/2024.