We are happy to announce special offers for miniOrange Atlassian SSO, 2FA, REST API, User Sync and Group Sync Apps.
Bitbucket SAML app gives the ability to enable SAML Single Sign On for Bitbucket Software. Bitbucket Software is compatible with all SAML Identity Providers. Here we will go through a guide to configure SSO between Bitbucket and your Identity Provider. By the end of this guide, users from your Identity Provider should be able to login and register to Bitbucket Software.
To integrate your Identity Provider(IDP) with Bitbucket, you need the following items:
All the information required to configure the Ping One as IDP i.e. plugin’s metadata is given in the Service Provider Info tab of the miniOrange SAML plugin.
Provide the SAML configuration details for the application.
1.Signing. In the dropdown list, select the signing certificate you want to use.
2.SAML Metadata. Click Download to retrieve the SAML metadata for Ping One. This supplies the Ping One connection information to the application.
3.Protocol Version. Select the SAML protocol version appropriate for your application.
4.Upload Metadata. Click Choose File to upload the application’s metadata file. The entries for ACS URL and Entity ID will then be supplied for you. If you do not upload the application metadata, you will need to enter this information manually. When you are manually assigning an Entity ID value, the Entity ID must be unique, unless you are assigning the Entity ID value for a private, managed application (an application that is supplied and configured by a PingOne for Enterprise administrator, rather than by an SP.
5.Single Logout Endpoint. The URL to which our service will send the SAML Single Logout (SLO) request using the Single Logout Binding Type that you select.
6.Single Logout Response Endpoint. The URL to which your service will send the SLO Response.
7.Single Logout Binding Type. Select the binding type (Redirect or POST) to use for SLO.
8.Primary Verification Certificate. Click Choose File to upload the primary public verification certificate to use for verifying the SP signatures on SLO requests and responses.
9.Signing Algorithm. Use the default value or select the algorithm to use from the dropdown list.
I.Encrypt Assertion. If selected, the assertions PingOne sends to the SP for the application will be encrypted.
II.Encryption Certificate: Upload the certificate from miniOrange plugin to use to encrypt the assertions.
III.Encryption Algorithm: Choose the algorithm to use for encrypting the assertions. We recommend AES_256 (the default), but you can select AES_128 instead.
IV.Transport Algorithm: The algorithm used for securely transporting the encryption key. Currently, RSA-OAEP is the only transport algorithm supported.
V.Force Re-authentication. If selected, users having a current, active SSO session will be re- authenticated by the identity bridge to establish a connection to this application.
With the Quick Setup method, you can get the SP metadata from the first step of adding an IDP. The steps to initiate Quick Setup are given below :
After completing the above steps, you will see the first step of the Quick Setup process. This step deals with setting up your IDP.
Here you will find your SP's metadata. You will need to provide this metadata to your IDP. There are two ways to add this metadata to your IDP.
If you wish to add the metadata manually, then you can choose By manually configuring the metadata on your IDP You will find the following information. These details will need to be provided to your IDP
The next step of the Quick Setup flow deals with setting up IDP metadata on SP. We will pick this up in the next section of the setup guide.
If you have chosen to add your IDP using the Quick Setup flow then you have already completed the first step, which is to add SP metadata to your IDP. Now you can proceed with the second step of the Quick Setup method
This step is where you will be adding your IDP metadata.
There are 3 ways in which you can add your IDP metadata. Use the drop-down to select any of the following methods :
Add your metadata URL in the Enter Metadata URL field.
Use the Choose File button to browse for your metadata file.
To configure the IDP manually, you will need to have the following details from your IDP's metadata.
Once you have added the IDP metadata, click on Save. If the IDP has been added successfully, then you will see a Test and Get Attributes URL. Copt this Url and paste it in separate window to Get the Attributes from IDP.
In this step you will be setting up basic user profile attributes for your SP
If you plan on customizing your IDP setup from the get go, you can find the metadata in the SP Metadata. Here you will find your SP's metadata. You will need to provide this metadata to your IDP. There are multiple ways to add this metadata to your IDP :
Depending on how your IDP accepts the metadata, you can either provide the metadata URL or you can use the Download Metadata button to download an XML file for the same.
If you wish to add the metadata manually,you will find the following information in this section. These details will need to be provided to your IDP.
The custom setup flow allows you to dive into the complete set of configurations that we provide to add a SAML Identity Provider. The steps to configure an IDP using the Custom Setup option are :
With the information you have been given by Your IDP team, you can configure IDP settings in 3 ways:
Go to Manual Configuration tab and enter the following details:
Next we will be setting up user profile attributes for Atlassian Application. The settings for this can be found in the User Profile section.
When the user logs into
Atlassian Application, one of the user's data/attribute coming in from the IDP is used to search the user in Atlassian Application. This is used to detect the user in Atlassian Application and log in the user to the same account.
You can configure it using steps given below:
Now we will be setting up user group attributes for Atlassian Application. You can replicate your user's groups present on IDP in your SP. There are multiple ways of doing this.
Enable 2FA/MFA for users & groups and let users configure 2FA during their first login.
Synchronize users, groups & directory with SCIM & REST APIs for Server/DC.
Secure your Bitbucket Data Center/Server REST API using API Tokens.