Crowd is used as a central identity management for all your Atlassian applications connected with it.
In combination with the SAML Single Sign On app, Crowd directory can still be used as user source via synchronization,
while at the same time all users within the Crowd-connected directory are fully supported to authenticate with the Single Sign On app to the Identity provider of your choice. 

However, there are three important points to be taken care of:

  1. Using Crowd with the SAML SSO app doesn't require any additional configuration, unless the Crowd's SSO Authenticator is enabled, which is NOT supported by the SAML SSO app.
    An active Crowd SSO Authenticator leads to unexpected authentication issues during the Single Sign On process.
    So if the Crowd SSO Authenticator is enabled, please disable it and re-enable the default authenticator: 

    • Jira – Shut down the application and open JIRA/atlassian-jira/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian JIRA - Point 2.2
       

    • Confluence – Shut down the application and open CONFLUENCE/confluence/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian Confluence - Point 2.2


    • Bitbucket – Shut down the application and open BITBUCKET/shared/bitbucket.properties with an editor:

      Delete or Comment out "plugin.auth-crowd.sso.enabled=true"

      Inverted way of Connecting Bitbucket Server to Crowd - Single sign-on (SSO) with Crowd

    • Bamboo – Shut down the application and open BAMBOO/webapp/WEB-INF/classes/seraph-config.xml with an editor:

      Uncomment "<authenticator class="com.atlassian.bamboo.user.authentication.BambooAuthenticator"/>"

      Comment out "<!--<authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>-->"

      Inverted way of Integrating Crowd with Atlassian Bamboo - Point 2.5

  2. Crowd doesn't enable SSO for all other connected applications with only one single SAML SSO app installed.
    In other words, if the SAML SSO app is for instance only installed in Jira, SSO is not automatically working on Confluence too, just because Crowd is connected.
    The SAML SSO app needs to be installed in every Atlassian application on which you want to use SSO.


  3. Ensure that users from Crowd have permission to access the application (e.g. default Jira application access group "jira-software-users").
    Otherwise Single Sign On fails.