Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Section



Column
width750px

Welcome to the

Kantega Single Sign-

...

On (SSO)

...

We proudly provide support for both the two single sign-on protocols Kerberos and SAML.

In addition, we have built connectors for synchronizing users and groups from popular cloud-based user directories. This enables you to manage your users' roles for your Atlassian server products in one centralized place.

Using our add-on makes it possible to combine Kerberos, SAML and regular username/password-based login flexibly set up in your own desire.

So what SSO solution do I choose, you say?

The two mechanisms we have chosen to have support for, Kerberos and SAML, are what we reckon as the most world-wide used and secure. They have at the same time quite different characters.

Kerberos is set up to offer “invisible” SSO by having your browser deliver what is called a Kerberos ticket to our add-on telling what user securely log in. Often Kerberos is a preferred solution in a Windows based environment where your login to the Windows machine will be used to establish your identity in the Atlassian server product. Kerberos has the restriction of requiring that the client machine has access to a KDC, Key Distribution Center which in Windows is an Active Directory. This makes it most preferable when users exist within a local area network.

SAML is a much more flexible and widespread solution than Kerberos. It offers you the ability to identify users in your Atlassian server products via all SAML 2.0 based services on the web. And there are probably thousands of these services. We have prepared wizard support or guides to the 10-15 most common of these, but you should be able to connect to all SAML 2.0 compatible services.

SAML is operating somewhat different than Kerberos. In SAML, your users are, when they access the Atlassian server product without a valid login, redirected to an Identity Provider (IP) login portal. This is typically a centralized web service for establishing users’ identities. Typically, an organization will strive to set up all web solutions to use such a centralized IP based login portal making login for users recognizable.

This way SAML may be considered somewhat more “visible” to the user than Kerberos, but it does not require the user having access to a KDC.

Therefore, organizations often prefer to set up Kerberos for the most hassle-free login experience when the user is present at his desktop machine on the office. While SAML is set up in addition for enabling the user to log in when she is on the run outside the office or when accessing from cellphones or other non-Kerberos compatible devices.

Below you will find additional details about all the features of Kantega Single Sign-on.

And do not hesitate to contact us in case you have questions.

Sincerely, the Kantega Atlassian Support team

Support

We take pride in offering quick, relevant and effective support. If you have a problem, please reach out to us through our customer service portal or by mail.

See also our Kantega Single Sign-on FAQ

Kerberos

Kerberos SSO gives the end user access to Atlassian products without entering a user name and password. Kerberos is typically used in an enterprise LAN, and is the preferred choice for Kerberos domains such as Windows domains and Microsoft Desktop environments.

Configuring Kerberos Single Sign-on

Addiotional guides

Troubleshooting

SAML

The SAML standard facilitates secure exchange authentication and authorization information, so users are allowed to login to the Atlassian products through third party identity providers.

Configuring SAMLSingle Sign-on

Troubleshooting

Connectors

Kantega SSO version 3 introduces the new Cloud connectors feature, that gets your Atlassian user directories synced to cloud directories.

Configuring Cloud Connectors

...

Documentation

SSO for Jira, Confluence, Bitbucket, Bamboo and FeCru.


Column




Image Added

Section


Column
width750px


HTML
<script>
var idelem = 
		document.getElementById("title-text");
idelem.style.visibility = "hidden";
function kssounselect(){
	var elems = 
        document.getElementsByClassName("ksso--content--guide");


	var i;
	for (i = 0; i < elems.length; i++) {
	    elems[i].style.display = "none";
	}
}


function kssoselectGuide(guideName){
	var elem = 
		document.getElementById(guideName+"Guide");


	elem.style.display = "block";
}

function kssohandleLinkClick(guide){
	kssounselect();
	kssoselectGuide(guide);
}


</script>


<section class="ksso--card">
  <div class="ksso--imgbox">
    <img class="ksso--imgbox--img" src="https://docs.kantega.no/download/attachments/819213/kompass.png" />
  </div>


  <div class="ksso--contentbox">
    <div id="guideSelectorGuide" class="ksso--content--guide">
      <h2 class="ksso--cardribbon">Getting started</h2>
      <p>Select where you manage your users, and your setup guide will appear.</p>
      <p>If you have more that one location, you can add more later.</p>
      <div class="ksso--topmargin">
        <!-- Trigger -->
        <a href="#saml-links-trigger" style="text-decoration:none;margin:20px;background-color:#172B4D;">
          <button
            class="aui-button aui-button-primary aui-dropdown2-trigger"
            aria-owns="saml-links"
            aria-haspopup="true"
            style="background-color:#CC2029;"
          >
            Where are your users managed?
          </button>
        </a>

        <!-- Dropdown -->
        <div id="saml-links" class="aui-style-default aui-dropdown2">
          <div class="aui-dropdown2-section">
            <div class="aui-dropdown2-heading"><strong>On premise</strong></div>
            <ul>
              <li><a href="#" onclick="kssohandleLinkClick('ad')">AD (Active Directory)</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('adfs')">AD with ADFS</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('keycloak')">Keycloak</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('pingfederate')">Ping federate</a></li>
            </ul>
          </div>
          <div class="aui-dropdown2-section">
            <div class="aui-dropdown2-heading"><strong>Cloud</strong></div>
            <ul>
              <li><a href="#" onclick="kssohandleLinkClick('azuread')">Azure AD / Office 365</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('gsuite')">GSuite</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('okta')">Okta</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('onelogin')">OneLogin</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('pingone')">PingOne</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('auth0')">Auth0</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('authanvil')">Authanvil</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('bitium')">Bitium</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('duo')">Duo</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('salesforce')">Salesforce</a></li>
              <li><a href="#" onclick="kssohandleLinkClick('wso2')">WSO2</a></li>
            </ul>
          </div>

          <div class="aui-dropdown2-section">
            <div class="aui-dropdown2-heading"><strong>General</strong></div>
            <ul>
              <li>
                <a href="https://docs.kantega.no/display/KA/Any+other+SAML+2.0+provider">Any SAML 2.0 compliant IDP</a>
              </li>
            </ul>
          </div>
        </div>
      </div>
    </div>

    <!-- panels -->
    <div id="azureadGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Azure AD / Office 365</h2>
      <p>With Azure AD you can set up both <b>SAML Single Sign On</b> and <b>connectors for Cloud User Provisioning</b>.</p>

      <p>SAML SSO enables users on any client (both mobile and desktop) get Azure login to the Atlassian products.</p>

      <p>
        <a href="https://docs.kantega.no/display/KA/Azure+AD" class="ksso-guide-link"
          >Setup guide for enable SSO with Azure AS</a
        >
      </p>

      <p>
        Cloud user provisions gives a clean architecture by keeping Atlassian user and access management in your GSuite
        cloud. Whenever a user is created, removed or changes roles, this is synchronized through the connector to your
        favorite Atlassian products. The cloud connector creates a virtual user directory that your Atlassian products
        see containing all your users and groups
      </p>
      <p>
        <a href="https://docs.kantega.no/display/KA/Cloud+user+provisioning" class="ksso-guide-link"
          >Setup guide for Azure AD user provisioning</a
        >
      </p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="gsuiteGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Google GSuite</h2>
      <p>With GSuite, you can setup both <b>SAML Single Sign On</b> and <b>Cloud User Provisioning</b>.</p>
      <p>
        SAML SSO works on both mobile and desktop clients and gives your users GSuite login to the Atlassian products.
      </p>

      <p><a href="https://docs.kantega.no/display/KA/Google+GSuite">GSuite sso setup guide</a></p>

      <p>
        Cloud user provisions gives a clean architecture by keeping Atlassian user and access management in your GSuite
        cloud. Whenever a user is created, removed or changes roles, this is synchronized through the connector to your
        favorite Atlassian products. The cloud connector creates a virtual user directory that your Atlassian products
        see containing all your users and groups
      </p>

      <p><a href="https://docs.kantega.no/display/KA/Cloud+user+provisioning" class="ksso-guide-link">GSuite user provisioning guide</a></p>

      <div class="ksso--topmargin">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="oktaGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Okta</h2>
      <p>With Okta, you can setup both <b>SAML Single Sign On</b> and <b>Cloud User Provisioning</b>.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users Okta login to the Atlassian products.
      </p>

      <p><a href="https://docs.kantega.no/display/KA/Okta">Okta sso setup guide</a></p>

      <p>
        Cloud user provisions gives a clean architecture by keeping Atlassian user and access management in your Okta
        cloud. Whenever a user is created, removed or changes roles, this is synchronized through the connector to your
        favorite Atlassian products. The cloud connector creates a virtual user directory that your Atlassian products
        see containing all your users and groups
      </p>
      <p><a href="https://docs.kantega.no/display/KA/Okta" class="ksso-guide-link">Okta provisioning setup guide</a></p>

      <div class="ksso--content--guide--backselector">
        <p><a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a></p>
      </div>
    </div>

    <div id="oneloginGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with OneLogin</h2>
      <p>With OneLogin you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users OneLogin login to the Atlassian products.
      </p>
      <p><a href="https://docs.kantega.no/display/KA/OneLogin" class="ksso-guide-link">OneLogin sso setup guide</a></p>
      <div class="ksso--content--guide--backselector">
        <p><a href="#" onclick="kssohandleLinkClick('guideSelector')">reset selector</a></p>
      </div>
    </div>

    <div id="pingoneGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Ping One</h2>

      <p>With Ping One you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users Ping One login to the Atlassian products.
      </p>
      <p><a href="https://docs.kantega.no/display/KA/PingOne" class="ksso-guide-link">Ping One sso setup guide</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="auth0Guide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Auth0</h2>
      <p>With Auth0 you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users Auth0 login to the Atlassian products.
      </p>
      <p><a href="https://docs.kantega.no/display/KA/Auth0">Setup guide for Auth0</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="authanvilGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with AuthAnvil</h2>
      <p>With AuthAnvil you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users AuthAnvil login to the Atlassian products.
      </p>
      <p><a href="https://docs.kantega.no/display/KA/AuthAnvil" class="ksso-guide-link">AuthAnvil setup guide</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="bitiumGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Bitium</h2>
      <p>With Bitium you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users Bitium login to the Atlassian products.
      </p>

      <p><a href="https://docs.kantega.no/display/KA/Bitium" class="ksso-guide-link"> Setup guide for Bitium</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="duoGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Duo</h2>
      <p>With Duo you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>SAML SSO works on both mobile and desktop clients and gives your users Duo login to the Atlassian products.</p>
      <p><a href="https://docs.kantega.no/display/KA/Duo" class="ksso-guide-link">Setup guide for Duo</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="salesforceGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Salesforce</h2>
      <p>With Salesforce you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users Salesforce login to the Atlassian
        products.
      </p>
      <p><a href="https://docs.kantega.no/display/KA/Salesforce" class="ksso-guide-link">Setup guide for SSO with Salesforce</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="wso2Guide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Salesforce</h2>
      <p>With WSO2 you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users WSO2 login to the Atlassian products.
      </p>
      <p><a href="https://docs.kantega.no/display/KA/WSO2" class="ksso-guide-link">Setup guide to SSO with WSO2</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <!-- on premise -->
    <div id="keycloakGuide" class="ksso--content--guide" style="display:none;">
      <h2 class="ksso--cardribbon">Getting started with Keycloak</h2>
      <p>With Keycloak you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</p>

      <p>
        SAML SSO works on both mobile and desktop clients and gives your users Keycloak login to the Atlassian products.
      </p>

      <p><a href="https://docs.kantega.no/display/KA/Keycloak" class="ksso-guide-link">Keycloak guide</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="pingfederateGuide" class="ksso--content--guide" style="display:none;">
      <p><b>With Ping Federate you can setup <b>SAML Single Sign On</b> to the Atlassian server and data center products.</b></p>
	  <p>
        SAML SSO works on both mobile and desktop clients and gives your users Ping login to the Atlassian products.
      </p>

      <p><a href="https://docs.kantega.no/display/KA/Ping+Federate" class="ksso-guide-link">Ping Federate guide</a></p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="adfsGuide" class="ksso--content--guide" style="display:none;">
      <p>ADFS allows you to setup both <b>Integrated Windows Authentication (Kerberos)</b> and <b>SAML</b> - <i>also in combination</i>.</p>

      <p>
        IWA / Kerberos authenticates users on trusted internet zones automatically through their windows session -
        <b>no need to type username and password.</b>
      </p>
      <p>
        <a href="https://docs.kantega.no/pages/viewpage.action?pageId=819313"
          >Setup guide for Integrated Windows Authentication</a
        >
      </p>

      <p>
        SAML allows users to log in from any location and with any device through the ADFS identity provider.
        <a href="https://docs.kantega.no/display/KA/AD+FS" class="ksso-guide-link">Setup guide for ADFS</a>
      </p>
      <div class="ksso--content--guide--backselector">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </div>
    </div>

    <div id="adGuide" class="ksso--content--guide" style="display:none;">
      <p>
        With Microsoft Active Directory you can setup <b>Integrated Windows Authentication (Kerberos)</b> and give users on
        trusted networks the a <b>completely password-free</b> login experience.
      </p>
      <p>
        <a href="https://docs.kantega.no/pages/viewpage.action?pageId=819313" class="ksso-guide-link"
          >Setup guide for Integrated Windows Authentication</a
        >
      </p>
      <p class="kssotopmargin">
        <a href="#" onclick="kssohandleLinkClick('guideSelector')" style="color:silver;">reset selector</a>
      </p>
    </div>
  </div>
</section>


--Or just jump straight to one of our guides--


Setup guide for Integrated Windows Authentication (Kerberos) with AD

Integrated Windows Authentication

Setting up Kerberos for Mac users (coming soon)

Setup guides for SAML

Section



Column

Cloud directories

Azure AD / Office 365

Google GSuite

Okta

OneLogin

PingOne

Auth0

AuthAnvil

Bitium

Duo

Salesforce

WSO2


Column

On premise solutions

Keycloak

Ping Federate

AD FS


General

Any other SAML 2.0 provider



Cloud User Provisioning

Azure AD / Office 365

Google GSuite

Okta




Column