Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

SSO is set up correctly but does not function like traditional sso enterprise, what is wrong?

James M November 29, 2018

I have set up Jira, Confluence, Bitbucket all to use SSO.

I restart my machine and log in, once in, I go to my applications but I am still forced to log in (using the same credentials I used to get into my machine). Why does SSO only function correctly after the initial log in to my web applications?

Once I've logged in initially, I am able to switch using application links between the different application no problem without having to sign in. That is not how SSO is suppose to work. Is there something I am missing for this function to work correctly? 

We use Jira server 7.12.3, Confluence server 6.11.0, Bitbucket server 5.13.0, Crowd 3.2.2.

 

To be clear: I would like to be able to log into my enterprise machine once and start my https://example.jira.com application without having to sign in again. 

 

3 answers

1 vote
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 30, 2018

Hello @James M

What you are experiencing now is the standard behaviour. Crowd actually provides Web SSO between Atlassian applications, which means that you must first log into one these applications before you can navigate to other applications without entering a username and password again.

What you are aiming at is Windows SSO, which means that you don't have to enter any username and password if you're connecting to your Atlassian applications from an enterprise desktop that belongs to your Active Directory enterprise domain. This requires a third-party add-on, for instance Integrated Windows Authentication for Applications using Crowd (IWAAC).

Disclaimer: I work for the vendor of the IWAAC add-on. There are other Windows SSO add-ons available on Atlassian Marketplace.

Hope this helps!

Bruno

0 votes
Marek Radochonski
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 7, 2018

@James M I wanted to let you know that we are currently working on improved SSO in Crowd and we would be happy to get on the call with you to discuss your use case. Please feel free to reach out to me directly at mradochonski@atlassian.com 

0 votes
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 30, 2018

If you have Active Directory and your users work on trusted networks, you can also setup Integrated Windows Authentication (IWA / Kerberos) directly, without buying Crowd. Our company, Kantega SSO, has plugins for Jira, Confluence, Bitbucket, Bamboo and Fisheye / Crucible enabling this form of SSO. 

You can also combine IWA / Kerberos with other SSO protocols, such as SAML and OIDC. Such a combination will give users on trusted networks get the optimal SSO experience (totally login free), while authentication is established though an SAML or OIDC identity provider when working remotely.

Please reach out if you need assistance configuring your environment.

Cheers,

Jon Espen

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events