Kerberos

Integrated Windows Authentication / Kerberos gives the end-user access to Atlassian products without entering a username or password. It is typically used in an enterprise LAN and is the preferred choice for Windows domains and Microsoft Desktop environments. 

 

IWA / Kerberos requires that client machines have access to a Key Distribution Center (KDC), which in the Windows world generally means Active Directory. For security reasons, AD is generally not reachable outside the local network/corporate intranet, making Kerberos mainly applicable within a company.

For more details also check out the How Kerberos works guide.

Combine Kerberos with other SSO mechanism

It is perfectly fine to combine IWA with other SSO mechanisms such as SAML or OpenID Connect (OIDC). In such a combination, IWA provides hassle-free login experiences when the user is present at his desktop machine in the office, while SAML / OIDC enables the user to log in when they are on the go outside the office or when accessing from cellphones or other non-Kerberos compatible devices.

See more about the different Kerberos menu items here: