Atlassian’s applications Jira, Confluence and Bitbucket offer “anonymous browsing” for users to view public pages without having a logged in user with group rights in the host product. Kantega SSO offers an authenticated anonymous browsing, where all users have to authenticate with SSO to get access to even public pages. However, for example, users that don’t need a local user on Bitbucket, will do not have to get a user to have secure SSO-verified access to company-public pages on an instance running on the internet.
This enables your organization to save licenses, since company-public pages can be browsed and viewed securely without the entire organization having to create a user on the instance.
Note that the SSO verification means that the users are not browsing truly anonymously since their identity is known, but get a session cookie in their browser that lives in the same way that a normal login, only that they have no local user and no groups or rights.
Configuration
The setting can be activated on in the Identity Provider settings, under USER PROVISIONING > Authenticated Anonymous Browsing.
Configuring related settings in Kantega SSO Enterprise
Like shown in the yellow message box in the screenshot above, the settings under Just-in-time provisioning have an effect on Authenticated Anonymous Browsing since they both are mechanisms related to the presence of user accounts. This has further implications if you configure Group Memberships, where you can configure conditions for when the user shall be created. This can be configured fluently with Authenticated Anonymous Browsing. For example, you can configure a policy where all users belonging to the “Developers” group in your SSO Identity Provider get users and group memberships created automatically in Bitbucket, while all other users will fall back to browse Bitbucket “anonymously”, after logging in with SSO.