Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal


  • Give kudos
  • Received
  • Given


  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Getting confluence to SSO using windows authentication

Confluence version: 3.5.2

Crowd is installed and configured to work with AD and confluence

My client is able to login to confluence using their AD username and password, and this is being authenticated via a Crowd server so SSO is acheivable within other applications, in this case a forum application.

The client wants their users to just login to the windows workstations and then not get prompted for a username or password when they access confluence for the first time.

Looking around it appears back in the day NTLM was the right method, and there was a plugin that would get it all working, however that plugin no longer works on this version of confluence (unrecognised plugin) and so I have been lead down the path to Kerberos.

EDIT: as a followup I have found this wiki but its pretty old, and a bit daunting:

Is there an easier method that I am clearly missing to get confluence to login as the locally logged in windows authenticated user?

8 answers

1 accepted

5 votes
Answer accepted
Joe Clark Atlassian Team Jun 18, 2012

There's a bunch of options:

1) Use Andy Brook's NTLM plugin - I don't know if he still maintains this or what its current status is.

2) An Atlassian partner, AppFusions, sells and supports a Kerberos authenticator for Confluence

3) Another Atlassian partner, TechTime, sells and supports an NTLM authenticator for Confluence

4) Follow the instructions on our SharePoint Connector documentation to setup an IIS reverse proxy for Confluence (note: this configuration is not supported by Atlassian unless you are using the SharePoint Connector).

Just as an update, given time since this was posted (and its now 10/14/2014). AppFusions also supports Kerberos for the entire Atlassian Suite (JIRA, Crowd, FishEye, Crucible, Bamboo) and SVN. Have not done Stash yet. We also have SSO authenticators for SAML2 (for example, SiteMinder, etc), OAuth2, and Google's latest Google+ protocol (next gen from their OpenID auth). for more info since some of these are a little complicated, but have the packaging down on these now to be pretty straight-forward/simple to deploy too.

There is a new Kerberos SSO plugin for confluenece on the marketplace:

It has a free version and a paid version with extra features, as well as optional support available for purchase. I have not tried it yet, so I can't say how well it works.

1 vote
Bruno Vincent Community Leader Aug 18, 2015

Hi, Please check out our new add-on, Integrated Windows Authentication for Apps using Crowd (IWAAC) at

IWAAC uses SPNEGO/Kerberos to allow your Windows domain users to log into Jira, Confluence, Bamboo, Bitbucket Server, FishEye, Crucible or any other web app using Crowd as its user management system, without entering a password.

More commercial and technical details are available at

Best regards,


Thanks Joseph, we have exhausted all avenues on the NTLM plugin as it appeared to work back in 2008, doesnt fare so well in todays versions.

AppFusions and TechTime are possible options however not necessarily the solution we were looking for. as an FYI on anyone else attempting to do this, get ready for a very rocky road!!

Hello ZeD -

Not sure what you heard or why your thoughts - but from your description, the AppFusions solution solves the problem/use case scenario exactly as you describe.

Also can share many referrals if you need it - that are happily running our solution now (large, small, simple, and complicated networks)

Our solution is not a rocky road at all - yet we also manage it out the door with service to ensure it is not a rocky road. We've deployed it dozens of times with success, all flavors of Atlassian software.

Happy to deploy it for your Crowd server too.



Adaptavist also offer a SSO plugin. It might not be a complete solution on it's own. I used it in the past to set up a Confluence session on behalf of a user with a current session in a legacy system. It worked very well.

As already mentioned above by Joseph Clark:

Our NTLM Authenticators for Jira and Confluence support the latest versions of both applications.

TechTime Initiative Group, an Atlassian Expert in New Zealand has been providing a solution to do NTLM authentication (a.k.a auto-login or SSO in Windows environment) with Confluence and Jira for over 5 years.

We have over 40 customers successfully using this solution in New Zealand, Australia, Switzerland, Finland, Norway, Sweeden, France, Germany, Netherlands, Slovenia, Czech Republic, Turkey, Russia, Latvia, the UK and the USA both in NTLMv2 and NTLMv1 environments.

The NTLM Authenticator is delivered as a jar file and instructions how to deploy it to Atlassian Jira and/or Confluence to work in conjunction with IOPlex Jespa to perform NLTM authentication in Windows environment.

The cost is one-off NZ$150 (plus fees for Jespa license payable to IOPlex). We do sell bundles that include IOPlex Jespa license.

If you need it, the trial version is available from our TurningRight website.

Bruno, does it work with HipChat also?


Bruno Vincent Community Leader Dec 16, 2015

Hi Dana, Unfortunately as of today it does not. IWAAC relies on Crowd SSO and as far as I know Hipchat can only be integrated with Crowd for user management and authentication and not for SSO (see If Atlassian provided integration for SSO as well, we would obviously consider adding Hipchat support to our add-on. Best regards, Bruno

We (Kantega Single Sign-on) have a Kerberos & SAML plugin for all the Atlassian products except for Crowd and Hipchat. 

Both Kerberos and SAML may be configured using a setup wizard, and is very easy to cofigure.


Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

429 views 23 9
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you