Kantega Single Sign-on (SSO) gives you the easiest way to set up single sign-on for your Atlassian server products

We proudly provide support for the two single sign-on protocols Kerberos and SAML.

In addition, we have built connectors for synchronizing users and groups from popular cloud-based user directories. This enables you to manage your users' roles for your Atlassian server products in one centralized place.

Using our add-on makes it possible to combine Kerberos, SAML and regular username/password-based login flexibly set up in your own desire.

So what SSO solution do I choose, you say?

The two mechanisms we support , Kerberos and SAML, are what we reckon the most world-wide used and secure. They have at the same time quite different characters.

Kerberos

Kerberos is set up to offer “invisible” SSO by having your browser deliver what is called a Kerberos ticket to our add-on telling what user securely is loging in. Often Kerberos is a preferred solution in a Windows based environment where your login to the Windows machine will be used to establish your identity in the Atlassian server products. Kerberos has the restriction of requiring that the client machine has access to a KDC, Key Distribution Center in which Windows is an Active Directory. This makes it most preferable when users exist within a local area network.

SAML

SAML is a much more flexible and widespread solution than Kerberos. It offers you the ability to identify users in your Atlassian server products via all SAML 2.0 based services on the web. And there are probably thousands of these services. We have prepared wizard support or guides to the 10-15 most common of these, but you should be able to connect to all SAML 2.0 compatible services.

SAML is operating somewhat different than Kerberos. In SAML, when your users access the Atlassian server product without a valid login, they are redirected to an Identity Provider (IP) login portal. This is typically a centralized web service for establishing users’ identities. Typically, an organization will strive to set up all web solutions to use such a centralized IP based login portal making login for users recognizable.

This way SAML may be considered somewhat more “visible” to the user than Kerberos, but it does not require the user having access to a KDC.

In combination

Therefore, organizations often prefer to set up Kerberos for the most hassle-free login experience when the user is present at his desktop machine on the office. While SAML is set up in addition for enabling the user to log in when she is on the run outside the office or when accessing from cellphones or other non-Kerberos compatible devices.

Below you will find additional details about all the features of Kantega Single Sign-on.

And do not hesitate to contact us in case you have questions.

Sincerely, the Kantega Atlassian Support team

Support

We take pride in offering quick, relevant and effective support. If you have a problem, please reach out to us through our customer service portal or by mail.

See also our Kantega Single Sign-on FAQ