Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Login difficulties for local users

Maro Hamamjyan
Maro Hamamjyan
Contributor
November 5, 2018

Hello,

Our users are claiming because when they change their passwords, they are not able to access the environment using any browser. The problem is that they save their passwords and when the windows password is being changed, browser still remembers the old one, so every time we need to delete all browsing data in the browsers and ask them to re-enter their username and password. This is a real problem specially when users are managers, please suggest a solution, Who has solved this problem?

We use AD and get our users from there.

Thanks in advance

Answer
Watch
Like Be the first to like this
906 views

3 answers

2 accepted

0 votes
Answer accepted
Jon Espen Ingvaldsen Kantega SSO
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 5, 2018

I would strongly recommend Windows Integrated Authentication ( also known as Kerberos) if you use Microsoft AD. With this SSO protocol, your users are automatically logged in to Jira based on their windows session tickets.

There are two vendors offering Windows Integrated Authentication to Jira:

1) Kantega SSO (the company I work for), and
2) Techtime - EasySSO.

Please contact us if you need help configuring Windows Integrated Authentication for your environment.

Cheers,
Jon Espen

View More Comments
Maro Hamamjyan
Maro Hamamjyan
Contributor
November 5, 2018

Hi Jon,

Thanks for your reply. We use Microsoft AD, but do not have ADFS. Will the add-on you suggest work with that? Also, when the password is changed for a user in AD(our users regularly change their passwords), will it get the new password and open the page without bringing at error?

Like
Jon Espen Ingvaldsen Kantega SSO
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 5, 2018

You will not need ADFS to setup Windows Integrated Authentication (WIA), and AD supports this out-of-the-box.

In this authentication, users are authenticated in Atlassian based on valid windows session tickets on the local machines (and not based on their password). 

When the password is changed for a user in AD, he / she will still be automatically authenticated.

Note that, WIA requires users to work on trusted networks. If they login-through a remote network (ex. work from home or out traveling) they need to login traditionally through username / password or SAML SSO. For SAML, your would need an Identity provider such as AD FS or Azure AD.

WIA does not help updating remembered passwords in the browsers, but, to a large extent, it eliminates the problem and gives users a much better login experience :)

-Jon Espen

Like
Kat Warner
Kat Warner
Atlassian Partner
November 5, 2018

Thanks for the shout out @Jon Espen Ingvaldsen Kantega SSO

Like Jon Espen Ingvaldsen Kantega SSO likes this
Maro Hamamjyan
Maro Hamamjyan
Contributor
November 6, 2018

Hi Jon,

 

Thanks for nice explanation. I want to try the add-on, as far as I understand I should choose SSO with Kerberos option for configuration. hopefully no questions will raise during configuration, but in case they occur should I write you or open a ticket for vendor (I think in any case you re going to answer me).

Like
Maro Hamamjyan
Maro Hamamjyan
Contributor
February 12, 2019

Hello Jon,

 

Can you please help me to find the place where I can configure the IPs in the plugin?

 

SSO.JPG

Like
Jon Espen Ingvaldsen Kantega SSO
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 12, 2019

Hi Maro. 

This is a bit strange. It looks like the addon does not have a valid license, event though the we are not yet in March.

What happens if you press "enable"?

Regards,
Jon Espen

Like
Maro Hamamjyan
Maro Hamamjyan
Contributor
February 12, 2019

Hi Jon,

I have already generated an evaluation licensee, as you may see in the screen shots it says that my trial will expire 13/March/19 only.

Like
Maro Hamamjyan
Maro Hamamjyan
Contributor
February 12, 2019

I do not want to enable it till I didn't configure the IPs

Like
Reply
0 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 5, 2018

There's nothing you can do about this, other than get the users to stop saving their passwords in the browser.  It's not a Jira behaviour, it's the browsers.

View More Comments
Maro Hamamjyan
Maro Hamamjyan
Contributor
November 5, 2018

In case they do not save their passwords in browsers they have to enter their logins and passwords browsers every time.. it would be perfect if jira did not ask customers to enter their logins and passwords, it could just get the user from AD automatically

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 5, 2018

Yes, that's basic security and access control.

It sounds like you want to have some form of automatic login, such that someone logs into your AD once, and their computer keeps a token that can be used to log in to other systems without asking again.

This is called "Single Sign On" (SSO), and is not something most systems support automatically.  You will need to find and add an App to Jira to enable it (or use Crowd for your user directory, as it's built into that)

Like
Maro Hamamjyan
Maro Hamamjyan
Contributor
November 5, 2018

Thanks Nic, an add on is a good idea!

Like
Reply
0 votes
Jon Espen Ingvaldsen Kantega SSO
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
February 12, 2019

Hi Maro. You have to enable the add-on to get the configuration features. 

It is, however, possible to also enable / disable IDPs after they are configured.

We can follow the dialog further on mail.

Best,
-Jon Espen

View More Comments
Maro Hamamjyan
Maro Hamamjyan
Contributor
February 13, 2019

I Jon, Can you please write your email address?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security