I have set up Jira, Confluence, Bitbucket all to use SSO.
I restart my machine and log in, once in, I go to my applications but I am still forced to log in (using the same credentials I used to get into my machine). Why does SSO only function correctly after the initial log in to my web applications?
Once I've logged in initially, I am able to switch using application links between the different application no problem without having to sign in. That is not how SSO is suppose to work. Is there something I am missing for this function to work correctly?
We use Jira server 7.12.3, Confluence server 6.11.0, Bitbucket server 5.13.0, Crowd 3.2.2.
To be clear: I would like to be able to log into my enterprise machine once and start my https://example.jira.com application without having to sign in again.
Hello @James M
What you are experiencing now is the standard behaviour. Crowd actually provides Web SSO between Atlassian applications, which means that you must first log into one these applications before you can navigate to other applications without entering a username and password again.
What you are aiming at is Windows SSO, which means that you don't have to enter any username and password if you're connecting to your Atlassian applications from an enterprise desktop that belongs to your Active Directory enterprise domain. This requires a third-party add-on, for instance Integrated Windows Authentication for Applications using Crowd (IWAAC).
Disclaimer: I work for the vendor of the IWAAC add-on. There are other Windows SSO add-ons available on Atlassian Marketplace.
Hope this helps!
Bruno
@James M I wanted to let you know that we are currently working on improved SSO in Crowd and we would be happy to get on the call with you to discuss your use case. Please feel free to reach out to me directly at mradochonski@atlassian.com
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you have Active Directory and your users work on trusted networks, you can also setup Integrated Windows Authentication (IWA / Kerberos) directly, without buying Crowd. Our company, Kantega SSO, has plugins for Jira, Confluence, Bitbucket, Bamboo and Fisheye / Crucible enabling this form of SSO.
You can also combine IWA / Kerberos with other SSO protocols, such as SAML and OIDC. Such a combination will give users on trusted networks get the optimal SSO experience (totally login free), while authentication is established though an SAML or OIDC identity provider when working remotely.
Please reach out if you need assistance configuring your environment.
Cheers,
Jon Espen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.