Authenticated Anonymous Browsing

Jira, Confluence, and Bitbucket offer “anonymous browsing” to view public content without having an authenticated session. Kantega SSO Enterprise provides the ability to require users to authenticate with your identity provider, using SSO, to access anonymous content.

This enables your organization to save on license costs while maintaining secure access to all your content.

The SSO verification means that the users are not browsing truly anonymously since their identity is known. A session cookie is created the same way as a regular login, except that the session is not related to a local user in the host product. You can also not have truly public content while this feature is enabled, as accessing any content requires users to have a session.

Configuration

The setting can be activated in the Identity Provider settings, under USER PROVISIONING > Authenticated Anonymous Browsing.

As shown in the screenshot above, the Just-in-time provisioning settings affect how Authenticated Anonymous Browsing works since both features are related to the presence of user accounts. If Just-in-time provisioning is set to create users, this will take precedence over anonymous browsing.

The Group Memberships settings allow configuring conditions for when the user is created. This can be configured fluently with Authenticated Anonymous Browsing. For example, you can configure a policy in which users and group memberships are created automatically for all users logging in and belonging to the editor group in your identity provider. In contrast, all other users will fall back to browse “anonymously” after logging in with SSO.