Crowd is used as a central identity management for all your Atlassian Server and Data Center applications connected with it.
In combination with the SAML Single Sign On app for Server and Data Center, Crowd directory can still be used as user source via synchronization,
while at the same time all users within the Crowd-connected directory are fully supported to authenticate with the Single Sign On app to the Identity provider of your choice. 

However, there are three important points to be taken care of:

  1. Using Crowd with the SAML SSO app doesn't require any additional configuration, unless the Crowd's SSO Authenticator is enabled, which is NOT supported by the SAML SSO app.
    An active Crowd SSO Authenticator leads to unexpected authentication issues during the Single Sign On process.
    So if the Crowd SSO Authenticator is enabled, please disable it and re-enable the default authenticator: 

    • Jira Server and Jira Data Center – Shut down the application and open JIRA/atlassian-jira/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class=""/>"

      Comment out "<!--<authenticator class=""/>-->"

      Inverted way of Integrating Crowd with Atlassian JIRA - Point 2.2

    • Confluence Server and Confluence Data Center – Shut down the application and open CONFLUENCE/confluence/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian Confluence - Point 2.2

    • Bitbucket Server and Bitbucket Data Center– Shut down the application and open BITBUCKET/shared/ with an editor:

      Delete or Comment out "plugin.auth-crowd.sso.enabled=true"

      Inverted way of Connecting Bitbucket Server to Crowd - Single sign-on (SSO) with Crowd

    • Bamboo – Shut down the application and open BAMBOO/webapp/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.bamboo.user.authentication.BambooAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian Bamboo - Point 2.5

  2. Crowd doesn't enable SSO for all other connected applications with only one single SAML SSO app for Atlassian Data Center or Server installed.
    In other words, if the SAML SSO app is for instance only installed in Jira Data Center, SSO is not automatically working on Confluence too, just because Crowd is connected.
    The SAML SSO app needs to be installed in every Atlassian Server or Data Center application on which you want to use SSO.

  3. Ensure that users from Crowd have permission to access the application (e.g. default Jira application access group "jira-software-users").
    Otherwise Single Sign On fails.