Integrated Windows Authentication / Kerberos gives the end-user access to Atlassian products without entering a username or password. It is typically used in an enterprise LAN and is the preferred choice for Windows domains and Microsoft Desktop environments.
IWA / Kerberos requires that client machines have access to a Key Distribution Center (KDC), which in the Windows world generally means Active Directory. For security reasons, AD is generally not reachable outside the local network/corporate intranet, making Kerberos mainly applicable within a company.
It is perfectly fine to combine IWA with other SSO mechanisms such as SAML or OpenID Connect (OIDC). In such a combination, IWA provides hassle-free login experiences when the user is present at his desktop machine in the office, while SAML / OIDC enables the user to log in when they are on the go outside the office or when accessing from cellphones or other non-Kerberos compatible devices.
Kantega SSO Enterprise for Bitbucket allows you to utilize the Kerberos protocol to authenticate users logging into Bitbucket as well as to authenticate their Git commands.