SSO MS AD & Crowd

Is it possible to have transparent SSO for Atlassian Tools Jira, Confluence, Crucible and Stash using Microsoft Active Directory for authentication and Crowd out of the box configured without any

additional third party plugin or software? Means: Log on to your workstation/PC and do not see any additional login screens accessing the Atlassian tools if not explicitly wanted.

5 answers

1 accepted

0 votes
Accepted answer

Crowd will provide you with SSO such that once you've entered in your login details (username and password) into one of the Atlassian applications (JIRA, Stash, Fisheye/Crucible, Confluence, or Crowd), then you will be automatically logged into other Atlassian applications.

Currently, Crowd does not provide functionality like "once you've logged onto your desktop, you're automatically logged into all Atlassian applications".

@Caspar Krieger : Is the functionality "once you've logged onto your desktop, you're automatically logged into all Atlassian applications"  now available with Crowd ? . So is it on the roadmap in the future release of Crowd ? using the MS AD integrated with Crowd...

Bruno Vincent Community Champion Jan 21, 2016

@sujit kumar, it is not available in Crowd out of the box, you will need the IWAAC plugin for this:

@sujit kumar It is not available out of the box - as per Bruno's comment you will need an add-on. Some, like IWAAC will still talk to Crowd on the authentication step, while there are other SSO plugins that do "true" SSO only talking to your Domain Controller at this stage.

If your application is configured to do something special in the context of authorization, group management etc. Crowd may still be used there, but for the purpose of SSO authentication becomes irrelevant. If SSO fails/not possible in the first place - the regular Crowd-backed login process will occur.

There is our marketplace reincarnation of NTLM Authenticator - EasySSO for all apps, that now also supports Kerberos, or others including IWAAC, there also vendors/experts who don't list theirs on marketplace, it is also possibly to "roll your own" with front-end webserver or I think CAS.

In other words extra costs any way.

My statement from 2 years ago is still correct. Please look into third party solutions if you need this functionality. (Apologies for the delay in replying; I was on leave.)

This is not possible. 3rd party plugins is what you will need.

Our NTLM Authenticators for Jira and Confluence support the latest versions of both applications.

TechTime Initiative Group, an Atlassian Expert in New Zealand has been providing a solution to do NTLM authentication (a.k.a auto-login or SSO in Windows environment) with Confluence and Jira for over 6 years.

We have over 60 customers successfully using this solution in New Zealand, Australia, Switzerland, Finland, Norway, Sweeden, France, Germany, Netherlands, Slovenia, Czech Republic, Turkey, Russia, Latvia, the UK and the USA both in NTLMv2 and NTLMv1 environments with and without Crowd in the backend.

The NTLM Authenticator is delivered as a jar file and instructions how to deploy it to Atlassian Jira and/or Confluence to work in conjunction with IOPlex Jespa to perform NLTM authentication in Windows environment.

The cost is one-off NZ$150 (plus fees for Jespa license payable to IOPlex). We do sell bundles that include IOPlex Jespa license.

If you need it, the trial version is available from our TurningRight website.

We are currently working on moving it to Marketplace (Jan/Feb 2014) and as byproduct eventually making it support the rest of Atlassian tools (planned for 2nd quarter of 2014)

0 votes

I've got close to that on one site. We weren't using MS AD, just LDAP hooked into Crowd. We got SSO for Jira, Confluence and Fisheye/Crucible working with that fine. Stash wasn't around at the time, but I suspect it's just as easy as the others. So I'd give you a tentative "yes" because if you can do this with LDAP and Crowd, you should be able to get there with MS AD as well.

Conclusion on these answers for me is:

Why paying that money for Crowd if we have a directory server that does the authentication and can do real SSO using a cheaper Third Party Plugin? Just for having additional Administration Level outside the directory server?

We'll have to think of dropping Crowd!

0 votes
Bruno Vincent Community Champion Nov 22, 2015

Hi Harald,

You might want to have a look at the Integrated Windows Authentication for Apps using Crowd (IWAAC) plugin:

IWAAC provides your Windows domain users with automatic logon on any application using Atlassian Crowd as its user management system, including Jira, Confluence, Bitbucket Server (previously known as Stash), Bamboo, FishEye, Crucible, Jenkins and G Suite (formerly Google Apps).

IWAAC is a generic plugin that works on all applications that are compatible with Crowd. Once you have purchased a proper license, you can deploy the plugin on as many applications (Confluence, Jira, Bamboo etc.) and server instances as you want since an IWAAC license is an Enterprise license that is valid for your entire organisation.

You can download IWAAC and test it for free at:



Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

971 views 3 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you