Securing your instance with Kantega SSO Enterprise
One of the primary functions of Kantega SSO Enterprise is to provide additional methods for logging in users and services. Another increasingly important role is enforcing user login at appropriate times. This capability is featured in solutions such as:
These features enable Kantega SSO to act as a gateway that prevents unauthorized access to publicly available content by requiring users to log in, even if the content is otherwise anonymously accessible.
When serving this protective role, it is crucial that Kantega SSO remains active. Disabling or uninstalling the app may expose sensitive content to anyone without restriction. If you have publicly accessible content in your Atlassian instance that’s protected solely by Kantega SSO, and it should not be available without authentication, you should consider implementing an additional safeguard in front of your Atlassian site.
One approach is to configure a reverse proxy or firewall to block access if Kantega SSO is unavailable. This can be achieved using a script that regularly checks the availability of the Kantega SSO service. Kantega SSO includes a built-in REST ping endpoint that can be queried like this:
curl --insecure https://<your_atlassian_service>/rest/ksso/api/info/1.0/ping -u user:password
When Kantega SSO is functioning properly, it will return a response similar to:
{ "datetime": "2025-12-15T10:37:58.284382416+01:00", "response": "pong", "timestamp": 1765791478284}
The user in the request can be any valid user in your Atlassian instance. No special roles, groups, or permissions are required.
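The periodic check described above, as an added shell example (not Kantega's own script): it keeps TLS certificate verification on instead of using --insecure, reads the credentials from a netrc file, and fails closed on any curl error, non-200 status, missing "pong" or stale timestamp. The KSSO_* variable names, the state file path and the freshness check on "timestamp" are assumptions, and the reverse proxy or firewall automation is assumed to read the state file and block on "down".

```shell
#!/bin/sh
# Added example: fail-closed health check for the Kantega SSO ping endpoint.
# KSSO_URL, KSSO_NETRC, KSSO_STATE, KSSO_MAX_AGE are assumed names, not product settings.

# ksso_healthy STATUS BODY NOW_SECONDS [MAX_AGE_SECONDS]
# Succeeds only for HTTP 200, "response": "pong" and a fresh "timestamp".
ksso_healthy() {
    status=$1; body=$2; now=$3; max_age=${4:-120}
    [ "$status" = "200" ] || return 1
    printf '%s' "$body" |
        grep -Eq '"response"[[:space:]]*:[[:space:]]*"pong"' || return 1
    # "timestamp" is epoch milliseconds in the sample response on this page.
    ts_ms=$(printf '%s' "$body" |
        sed -n 's/.*"timestamp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' |
        head -n 1)
    [ -n "$ts_ms" ] || return 1
    age=$(( now - ts_ms / 1000 ))
    if [ "$age" -lt 0 ]; then age=$(( 0 - age )); fi
    # A stale timestamp suggests a cached reply rather than a live app (assumption).
    [ "$age" -le "$max_age" ]
}

# ksso_probe URL NETRC_FILE: prints "up" or "down"; curl or TLS errors mean "down".
ksso_probe() {
    tmp=$(mktemp) || { echo down; return 1; }
    # No --insecure: a failed certificate check counts as "down". The netrc file
    # (mode 0600) keeps the password out of the process list. Redirects are not
    # followed, so a bounce to a login page is not mistaken for a pong.
    status=$(curl --silent --max-time 10 --netrc-file "$2" \
                  --output "$tmp" --write-out '%{http_code}' "$1") || status=000
    body=$(cat "$tmp"); rm -f "$tmp"
    if ksso_healthy "$status" "$body" "$(date +%s)" "${KSSO_MAX_AGE:-120}"; then
        echo up
    else
        echo down; return 1
    fi
}

# Runs only when KSSO_URL is set, e.g. from cron. Exit status is 0 only for "up".
if [ -n "${KSSO_URL:-}" ]; then
    state=$(ksso_probe "$KSSO_URL" "${KSSO_NETRC:-$HOME/.netrc}") || true
    printf '%s\n' "${state:-down}" > "${KSSO_STATE:-/var/run/ksso.state}"
    [ "$state" = "up" ]
fi
```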