The miniOrange Crowd SSO connector expands the SAML SSO functionality from Crowd to its connected Atlassian applications.The Bitbucket Crowd SSO Connector allows users to enable SAML Authentication from any SAML compliant Identity Provider(IDP), where SAML SSO requests and responses to and from IDP will pass via the Crowd server. The IDP will perform user authentication while user permissions can still be controlled using Crowd.
Download and Installation
- Log into your Bitbucket instance as an admin.
- Navigate to the settings menu and Click Manage Apps.
- Click Find new apps or Find new add-ons from the left-hand side of the page.
- Locate SSO connector for Crowd and Bitbucket via search.
- Click Try free to begin a new trial or Buy now to purchase a license of SSO connector for Crowd and Bitbucket.
- Enter your information and click Generate license when redirected to MyAtlassian.
- Click Apply license.
- To configure the plugin, firstly configure Crowd SAML Single Sign-On (SSO) plugin for your Identity Provider as mentioned in the steps.
- Now, Enable Crowd SSO for your Bitbucket instance. You can find the steps to integrate your Crowd server with your Bitbucket instance here .
- Go to SSO Configuration tab of Bitbucket-Crowd Connector plugin.
- Enter Crowd Base URL and click on Save.
- Now, all the IdPs are listed that you have configured with SAML SSO Crowd plugin.
- Button Enable SSO is provided for every individual IdP. You can enable SSO for specific IdPs with the help of buttons.
There are two types of SSO Redirection
that can be done but if you require to enable SSO for all
the users, leave the Domain/Group Mapping field empty
1) Based on Domain Mapping
- In SSO configuration tab, navigate to SSO Redirection and choose Domains option from dropdown.
- Now, you need to add domain name against each IDP.
- After enabling Domain Mapping, it allows SSO only for those users whose domain matches with the specified one.
Single Sign-On using Domain mapping
- Enter the user's email address. It checks your domain name with the configured domain if it matches then it will redirect you to the respective Identity Provider Login page.
- This is how the login screen would appear after enabling domain mapping.
2) Based on Group Mapping
- In SSO configuration tab, navigate to SSO Redirection and choose Groups option from dropdown.
- Now, you need to add Group name against each IDP.
- After enabling Group Mapping, it allows SSO only for those users whose group matches with the specified one.
Single Sign-On using Group mapping
- Enter the username. It checks for your group name and will redirect you to the respective Identity Provider Login page.
- This is how the login screen would appear after enabling group mapping.
- Go to SSO Redirection Tab.
- Set button text for login page using Login Button Text
- Enable Auto-redirect to IDP if you want to force users to login only using IDP.
- In Logout Redirection, Set Logout URL or Logout Template to redirect users after logout action.
If you are looking for anything which you cannot find, please drop us an email on email@example.com