SSO is set up correctly but does not function like traditional sso enterprise, what is wrong? Edited

I have set up Jira, Confluence, Bitbucket all to use SSO.

I restart my machine and log in, once in, I go to my applications but I am still forced to log in (using the same credentials I used to get into my machine). Why does SSO only function correctly after the initial log in to my web applications?

Once I've logged in initially, I am able to switch using application links between the different application no problem without having to sign in. That is not how SSO is suppose to work. Is there something I am missing for this function to work correctly? 

We use Jira server 7.12.3, Confluence server 6.11.0, Bitbucket server 5.13.0, Crowd 3.2.2.

 

To be clear: I would like to be able to log into my enterprise machine once and start my https://example.jira.com application without having to sign in again. 

 

3 answers

0 votes
Bruno Vincent Community Champion Nov 30, 2018

Hello @Albaro Tinoco

What you are experiencing now is the standard behaviour. Crowd actually provides Web SSO between Atlassian applications, which means that you must first log into one these applications before you can navigate to other applications without entering a username and password again.

What you are aiming at is Windows SSO, which means that you don't have to enter any username and password if you're connecting to your Atlassian applications from an enterprise desktop that belongs to your Active Directory enterprise domain. This requires a third-party add-on, for instance Integrated Windows Authentication for Applications using Crowd (IWAAC).

Disclaimer: I work for the vendor of the IWAAC add-on. There are other Windows SSO add-ons available on Atlassian Marketplace.

Hope this helps!

Bruno

If you have Active Directory and your users work on trusted networks, you can also setup Integrated Windows Authentication (IWA / Kerberos) directly, without buying Crowd. Our company, Kantega SSO, has plugins for Jira, Confluence, Bitbucket, Bamboo and Fisheye / Crucible enabling this form of SSO. 

You can also combine IWA / Kerberos with other SSO protocols, such as SAML and OIDC. Such a combination will give users on trusted networks get the optimal SSO experience (totally login free), while authentication is established though an SAML or OIDC identity provider when working remotely.

Please reach out if you need assistance configuring your environment.

Cheers,

Jon Espen

0 votes

@Albaro Tinoco I wanted to let you know that we are currently working on improved SSO in Crowd and we would be happy to get on the call with you to discuss your use case. Please feel free to reach out to me directly at mradochonski@atlassian.com 

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Jira

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...

104 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you