Crowd is used as Central identity management for all your Atlassian applications connected with. In relation to the SAML Single Sign On plugin, the connected Crowd directory can be used as user source via synchronization while at the same time all users within the Crowd's connected directory are fully supported to use Single Sign On via plugin. 

But there are three important points to take care of:

  1. Basically using Crowd with the SAML SSO add-ons doesn't require any additional configuration, unless the Crowd's SSO Authenticator is enabled. The Crowd's SSO Authenticator is NOT supported by the SAML SSO add-ons, because it can't handle the additional/changed functions. An active Crowd SSO Authenticator leads to unexpected authentication issues in the Single Sign On process. If the Crowd SSO Authenticator is enabled, please disable it and reenable the default authenticator: 

    • Jira – Shut down the application and open JIRA/atlassian-jira/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian JIRA - Point 2.2
       

    • Confluence – Shut down the application and open CONFLUENCE/confluence/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian Confluence - Point 2.2


    • Bitbucket – Shut down the application and open BITBUCKET/shared/bitbucket.properties with an editor:

      Delete or Comment out "plugin.auth-crowd.sso.enabled=true"

      Inverted way of Connecting Bitbucket Server to Crowd - Single sign-on (SSO) with Crowd

    • Bamboo – Shut down the application and open BAMBOO/webapp/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.bamboo.user.authentication.BambooAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian Bamboo - Point 2.5

  2. Crowd doesn't enable SSO for all other connected applications with only one single SAML SSO plugin installed. This means as example, if the SAML SSO plugin is only installed in Jira, the SSO is not automatically working on Confluence too, only because Crowd is connected. The SAML SSO plugin needs to be installed in every application on which the SSO is desired (Confluence in this example).

  3. Ensure that users from Crowd have access permission for the application (e.g. default application group "jira-software-users"), otherwise the Single Sign On fails.