Skip to main content
Skip table of contents

Setup Intelligent User Manager (IUM) in Confluence

The checklist provided here is intended to help you with the configuration and functional testing of IUM.


In the first step, two new groups (IUM enable and IUM disable) are created under "Confluence administration" - "Users & Security" - "Groups" (alternatively, other names can also be used),

  • Sense of the two new groups
    • Casual users will later be moved to the IUM disable group (power users remain in their original group).
    • If occasional users need a licence, IUM temporarily copies the corresponding user into the IUM enable group and the user is assigned a licence.


Under "Confluence administration" - "Users & Security" - "Global Permissions", access for the IUM enable group is now added.


User Directories

If the "Confluence Internal Directory" is not used, the LDAP permissions ("Confluence Administration" - "Users & Security" - "User Directories" - "Edit") must be changed to "Read Only, with Local Groups".



The actual configuration is then carried out under "Confluence administration" - "IUM for Confluence" - "Configuration".

  • Group Settings
    • IUM enable is selected under "IUM Application Access Group" and IUM disable under "IUM User Group".
      (or the corresponding self-assigned names)
    • Shared Licences" indicates the number of licences to be managed by IUM.
      • under "Available licences for IUM" you can see the number of licences that are still available for IUM
        • licence tier - permanent user (- shared licences IUM) = available licences for IUM
          (for unlimited licence tiers, a value of 50,000 (licence tier) is set for IUM)
    • Under "Duration in minutes", the minimum inactivity time in minutes is specified before the licence is released again.

  • Design
    • Logo:
      A URL to the company logo can be stored here for display during the waiting time.

    • Queue message:
      Here you can define your own message for the queue display.


  • Rest
    • The entry /rest/api is already stored internally by default and do not need to be added to the rest-api configuration field. In case you add it, it will be hidden
    • additional api's can be entered here (e.g. /rest/scriptrunner)

  • User Management
    • This is where the actual moving of users into the group managed by IUM takes place.
    • Under "From Group", the group in which the current users are located is selected.
    • Under "To Group" the IUM disable group is selected.
    • After clicking on "List", a list of users from this group is displayed.
      • The users displayed are sorted in descending order according to their last activity.
        (thus, the occasional users can be sorted out little by little)
      • The number of users displayed can be set under "Number of Users".

  • Now the users that are administered by IUM are selected via the selection field.
    (no power users should be selected here, but the occasional users should be gradually sorted out)
  • With the "Move" button, the selected users are now moved.
  • The "Copy" button is used if the IUM disable group is made up of individual permission groups and does not have its own application access.



  • Moving users cannot be undone!



    • After confirming the process, you can check under "Confluence administration" - "Users & Security" - "Groups" whether the selected users have been moved to the IUM disable group.
      (the unselected power users remain in their old group)

  • please check: It is important to ensure that there are no users with a permanent license (e.g. from another group) in the IUM groups (enable/disable).

  • Automatic removal

    • Activates the automatic removal of users from the IUM access groups if the last activity is greater than the duration entered in the group settings.

    • Inactivity time in minutes
      Here you can define the inactivity time a user must be inactive to be removed from the access group.

    • Execution intervall
      Execution times 1h, 2h, 3h up to 24h


    • Start time
      The start time of the automatic removal can be set here (the time refers to the server time)


    • Enable/Disable job

      • next running time (the time refers to the server time)

      • Server Time (Current Server Time)

    • Manual job
      Click run job to purge the IUM access groups once (if the last activity is greater than the duration entered in the group settings, the user is removed from the access group).

  • Automatic User Sync Job

    • A job can be set up here that synchronizes the users from the selected origin groups into the IUM user group. The users remain unaffected in the original groups.



    • The User Sync can be executed for one or more group pairs (depending on which group pairs were defined in the IUM group configuration).

      • Original Group
        The original groups can be selected here.

      • IUM User Group
        Here you can choose between the ium user groups defined in the group configuration


    • Execution intervall
      Execution times 1h, 2h, 3h up to 24h


    • Start time
      The start time of the automatic removal can be set here (the time refers to the server time)


    • Enable/Disable job

      • next running time (the time refers to the server time)

      • Server Time (Current Server Time)

      • Last execution date

    • Manual job
      Execute the User Sync process once.

  •  SAML
    • IUM supports single sign-on services such as ADFS, Azure, Google or Okta. (How to setup)


Control

  • Two users have now logged in. (User1, User2)
  • Under "Confluence administration" - "Users & Security" - "Groups" - "ium enable" you can see that the two users have been copied to the IUM enable group and therefore have access to Confluence.
  • After logging off, the user is automatically removed from the IUM enable group and the licence used is free again.
  • If a user simply closes the browser (without logging out), he or she remains in the IUM enable group until the licence occupied by him or her is needed.
    Only at this point will they be removed from the IUM enable group.


  • Since in this example only 2 licences were made available for administration by IUM for "Queue Size", the following display appears for the third user third user the following display appears.



  • After the waiting time has expired, the user with the longest inactivity time is moved to the IUM disable group, his or her used licence is released again and the waiting user is logged in.
  • If a logged-in user is inactive for longer than the time specified under "Duration in minutes", this user is moved directly to the 
    group IUM disable and his used licence is directly passed on to the new user.
    (The queue would not be displayed in this case)


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close