Integrated Windows Authentication / Kerberos gives the end-user access to Atlassian products without entering a username or password. It is typically used in an enterprise LAN and is the preferred choice for Windows domains and Microsoft Desktop environments. 

 

IWA / Kerberos requires that client machines have access to a Key Distribution Center (KDC), which in the Windows world generally means Active Directory. For security reasons, AD is generally not reachable outside the local network/corporate intranet, making Kerberos mainly applicable within a company.

Combine Kerberos with other SSO mechanism

It is perfectly fine to combine IWA with other SSO mechanisms such as SAML or OpenID Connect (OIDC). In such a combination, IWA provides hassle-free login experiences when the user is present at his desktop machine in the office, while SAML / OIDC enables the user to log in when they are on the go outside the office or when accessing from cellphones or other non-Kerberos compatible devices.

Kerberos for Git

Kantega SSO Enterprise for Bitbucket allows you to utilize the Kerberos protocol to authenticate users logging into Bitbucket as well as to authenticate their Git commands.