Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Expand
titleShow Page Tree structure

Page Tree
root@parent
startDepth1

Jira, Confluence , and Bitbucket offer “anonymous users” anonymous users to view public content without having an authenticated session.

In adddition Kantega SSO Enterprise provides the ability to require users to authenticate with their identity provider, using SSO, to access anonymous content in Jira and ConfluenceEnable SSO-Verified Anonymous Access in KSSO to allow users who do not have Jira or Confluence accounts to access Jira/Confluence anonymously while still benefiting from the security features of Single Sign-On. This enables your organization to save on license costs while maintaining secure access to all your content.

SSO-verification means that the users are not accessing Jira or Confluence truly anonymously since their identity is known. A session cookie is created the same way as in a regular login, except that the session is not related to a local user in the host product. With this feature enabled, it's important to note that truly public content is restricted. Accessing any content now mandates users to have an active session, ensuring a more controlled and secure environment.

Configure

...

SSO-

...

verified Anonymous Access in Kantega SSO Enterprise

Prerequisite

Anonymous access must be enabled in Jira/Confluence for this feature to work.

Examples, anonymous access in Jira and Confluence

...

Users that require editing rights will have to be provisioned with a license group in Jira/Confluence. This way only the users needing to edit will consume a license while those not created in Jira/Confluence will be given an anonymous access session as fallback.

How to configure in KSSO

  1. Select Identity Providers in the KSSO menu and choose the applicable Identity Provider, and IdP overview will open.

    idp overview.pngImage Added

  2. Select Identity providers → SSO verified Anonymous Access and enable the switch SSO-Verified Anonymous Access for the Identity provider.

    image-20240214-145820.pngImage Added

  3. Select Common → Force login. Enable the switch Require login to force anonymous users to login on public pages.

    force login.pngImage Added

  4. Configure Known domains in Kantega SSO Enterprise.
    To make users not in known domains to stay anonymous, select the option “Trust identity provider to log in users only from the known domains, but fallback to SSO-Verified Anonymous Access for other users.

    known domains option 3.pngImage Added


Configuring related settings in Kantega SSO Enterprise

As shown in the screenshot above, the The Just-in-time provisioning settings affect how Authenticated SSO-verified Anonymous Acess Access works since both features are related to the presence of user accounts. If Just-in-time provisioning is set to create users, this will take precedence over anonymous access.

The Group Memberships settings allow configuring conditions for when the user is created. This can be configured fluently with Authenticated SSO-verified Anonymous Access. For example, you can configure a policy in which users and group memberships are created automatically for all users logging in and belonging to the editor group in your identity provider. In contrast, all other users will fall back to “anonymous access” after logging in with SSO.