Note : The information contained on this page does not create a joint venture, partnership, agency or other form of association, or an express or implied license grant by either party to the other under any patent, trademark, copyright, trade secret or other intellectual property right.
In a Single Sign-on environment a user will only have one username and one password to remember. Accessing bitbucket is simpler and quicker – once they’re logged onto their machine they won’t have to re-log-in each individual application.
Bitbucket Single Sign-On Add-On:
SAML Single Sign On (SSO) for Bitbucket allows users sign in to Bitbucket Server with your SAML 2.0 capable Identity Provider. We support all known IdPs - miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ etc.SAML Single Sign on (SSO) acts as a SAML 2.0 Service Provider and securely authenticate users with your SAML 2.0 Identity Provider.
Features of Bitbucket Single Sign On addon:
- Unlimited Authentications via IDP
- Single Sign-On button on login page
- Step-By-Step Guide to Setup your IdP
- Advanced Attribute Mapping
- Advanced Role Mapping
- Enforce login with IDP
- SAML Single Logout
- Datacenter support
- Support for Multiple SAML IDPs*
* This is a PREMIUM feature with separate licensing. Contact us at email@example.com to get licensing plans for this feature.
Here are the Step by Step Guides to set up Jboss Keycloak, Bitium, G Suite, Centrify as IDP for Bitbucket.
In order to setup SSO for Bitbucket, you need to follow these steps:
Step 1: Download the plugin from marketplace and Install it in Bitbucket
- Login as administrator in Bitbucket.
- Click the administration and choose Add-ons.
- The Manage add-ons screen loads.
- Locate SAML Single Sign On for Bitbucket via search.
- Results include add-on versions compatible with your Bitbucket instance.
- Click Install to download the add-on.
Step 2: Register/Login with miniOrange using addon
- Click on Configure button after installing the add-on.
- Register with miniOrange using a simple form in add-on.
- If you are Already Registered with miniOrange, you can direclty login in to the plugin .
Step 3: Configuring the plugin
- Using IdP information user could add details in Configure SP.
- Provide the required settings (i.e. IdP Entity ID, IdP Single SignOn Service Url, X.509 certificate) in the plugin and save it.
|IdP Entity Id||https://auth.miniorange.com/moas|
|Single Sign On URL||https://auth.miniorange.com/moas/idp/samlsso|
|Identity Provider Certificate||Upload the certificate downloaded from miniOrange Admin Console|
|Username Attribute||Bitbucket Username|
|Login Button Text||miniOrange|
Any help needed related to configuring IdP contact us at firstname.lastname@example.org or call us at +1 978 658 9387.
Step 4: Test Configuration
- The below screenshot shows the successful result.
- This screenshot shows the attributes that are received and are mapped by attribute mapping.
Step 5: Attribute Mapping
- Attribute Mapping is used by the Identity Provider(IdP) and the Bitbucket group(SP) to map user information from IdP to SP
- Attribute Mapping helps you to get user attributes from your IdP and map them to Bitbucket user attributes .
- Attributes received in successful Test congiguration are used for Attribute Mapping.
- In Attribute Mapping details like username and NameID as shown in step 4 of Test Successful are mapped to Username and Email respectively.
- Also Full Name or Separate Name(i.e First and Last Name)attributes are given as options according to Bitbucket user attributes
- While auto registering the users in your Bitbucket group these attributes will automatically get mapped to your Bitbucket user details.
Step 6: Group Mapping(optional)
- Bitbucket plugin assigns roles to groups which are mapped against those groups.
- Bitbucket uses a concept of Groups, designed to give the site owner the ability to control what groups can and cannot do within the site.
- In Group Attribute enter the Attribute Name given against role value of Test Configuration for the user.
- Clicking Create Users checkbox will allow user creation for only those roles whose role is mapped to Bitbucket groups in Group Mapping tab. If unchecked, users whose groups are not mapped to Bitbucket groups, their group will be set as Default Group.
- Group mapping helps you to assign specific roles to users of a Bitbucket group from your IdP.
Step 7: SSO Sign In Settings
There are different ways to login to your Atlassian Bitbucket Website.