Is it possible to have transparent SSO for Atlassian Tools Jira, Confluence, Crucible and Stash using Microsoft Active Directory for authentication and Crowd out of the box configured without any
additional third party plugin or software? Means: Log on to your workstation/PC and do not see any additional login screens accessing the Atlassian tools if not explicitly wanted.
Crowd will provide you with SSO such that once you've entered in your login details (username and password) into one of the Atlassian applications (JIRA, Stash, Fisheye/Crucible, Confluence, or Crowd), then you will be automatically logged into other Atlassian applications.
Currently, Crowd does not provide functionality like "once you've logged onto your desktop, you're automatically logged into all Atlassian applications".
@sujit kumar It is not available out of the box - as per Bruno's comment you will need an add-on. Some, like IWAAC will still talk to Crowd on the authentication step, while there are other SSO plugins that do "true" SSO only talking to your Domain Controller at this stage.
If your application is configured to do something special in the context of authorization, group management etc. Crowd may still be used there, but for the purpose of SSO authentication becomes irrelevant. If SSO fails/not possible in the first place - the regular Crowd-backed login process will occur.
There is our marketplace reincarnation of NTLM Authenticator - EasySSO for all apps, that now also supports Kerberos, or others including IWAAC, there also vendors/experts who don't list theirs on marketplace, it is also possibly to "roll your own" with front-end webserver or I think CAS.
In other words extra costs any way.
This is not possible. 3rd party plugins is what you will need.
Our NTLM Authenticators for Jira and Confluence support the latest versions of both applications.
TechTime Initiative Group, an Atlassian Expert in New Zealand has been providing a solution to do NTLM authentication (a.k.a auto-login or SSO in Windows environment) with Confluence and Jira for over 6 years.
We have over 60 customers successfully using this solution in New Zealand, Australia, Switzerland, Finland, Norway, Sweeden, France, Germany, Netherlands, Slovenia, Czech Republic, Turkey, Russia, Latvia, the UK and the USA both in NTLMv2 and NTLMv1 environments with and without Crowd in the backend.
The NTLM Authenticator is delivered as a jar file and instructions how to deploy it to Atlassian Jira and/or Confluence to work in conjunction with IOPlex Jespa to perform NLTM authentication in Windows environment.
The cost is one-off NZ$150 (plus fees for Jespa license payable to IOPlex). We do sell bundles that include IOPlex Jespa license.
If you need it, the trial version is available from our TurningRight website.
We are currently working on moving it to Marketplace (Jan/Feb 2014) and as byproduct eventually making it support the rest of Atlassian tools (planned for 2nd quarter of 2014)
I've got close to that on one site. We weren't using MS AD, just LDAP hooked into Crowd. We got SSO for Jira, Confluence and Fisheye/Crucible working with that fine. Stash wasn't around at the time, but I suspect it's just as easy as the others. So I'd give you a tentative "yes" because if you can do this with LDAP and Crowd, you should be able to get there with MS AD as well.
Conclusion on these answers for me is:
Why paying that money for Crowd if we have a directory server that does the authentication and can do real SSO using a cheaper Third Party Plugin? Just for having additional Administration Level outside the directory server?
We'll have to think of dropping Crowd!
You might want to have a look at the Integrated Windows Authentication for Apps using Crowd (IWAAC) plugin: https://marketplace.atlassian.com/plugins/com.cleito.iwaac/server/overview
IWAAC provides your Windows domain users with automatic logon on any application using Atlassian Crowd as its user management system, including Jira, Confluence, Bitbucket Server (previously known as Stash), Bamboo, FishEye, Crucible, Jenkins and G Suite (formerly Google Apps).
IWAAC is a generic plugin that works on all applications that are compatible with Crowd. Once you have purchased a proper license, you can deploy the plugin on as many applications (Confluence, Jira, Bamboo etc.) and server instances as you want since an IWAAC license is an Enterprise license that is valid for your entire organisation.
You can download IWAAC and test it for free at: https://www.cleito.com/products/iwaac/
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG