We need to configure a self-hosted (Data Center) instance of Bitbucket with an Identity Provider (IdP) called FusionAuth (https://fusionauth.io/).
We prefer to use OpenID Connect (OIDC), and if OIDC is not feasible, the other option is Security Assertion Markup Language (SAML).
Please share the documentation to set up OIDC/SAML for the Data Center (self-hosted) version of Bitbucket and any other documentation related to the OIDC/SAML setup for the Data Center (self-hosted) version of Bitbucket.
The following documentation was referred to, but for the above requirement we need expert recommendations/suggestions.
Here are some points you can refer to.
1. The OIDC Support is not yet available in Atlassian Access which offers SSO for cloud. However generic configuration support with few configurations is available. It may be possible that FusionAuth isn't supporting the generic configuration and you may have to check it with the FusionAuth Team. Also, the native SSO support isn't available for all the Bitbucket versions. Please check if your Bitbucket version supports native SSO.
2. Atlassian Access isn't required for the Datacenter version. You can check out Native Offering or the Marketplace apps from here.
3. You can use the Marketplace apps as well. I would like to suggest miniOrange's SSO app. It supports custom OIDC/SAML integrations as part of its offering, which will be helpful to configure with FusionAuth. You can check out the apps from the Marketplace:
SAML SSO App: https://marketplace.atlassian.com/apps/1216482/mo-bitbucket-saml-sso-single-sign-on-bitbucket-sso-login?hosting=datacenter&tab=overview
OIDC SSO App: https://marketplace.atlassian.com/apps/1219173/mo-oauth-openid-connect-oidc-for-bitbucket-sso?hosting=datacenter&tab=overview
4. The restrictions/recommendations are based on the use case you want to achieve. Please consult the experts for the same. We at miniOrange provide guidance/demos for our apps to suit your business case. You can raise a support request here for assistance.
Here are a few documents you can refer to when setting up the miniOrange SSO apps
PS: I work at miniOrange, one of the Top SSO vendors in Atlassian Marketplace.
Thank you, @Ashwini_More _miniOrange.
1. The OIDC Support is not yet available in Atlassian Access which offers SSO for cloud. However generic configuration support with few configurations is available.
Could you please elaborate on "generic configuration support with few configurations is available"? Is it generic configuration for OIDC or SAML? Is there any documentation regarding the details of what is available and what is not available?
2. Atlassian Access isn't required for the Datacenter version.
Is Atlassian Access subscription mandatory to use OIDC/SAML in the Bitbucket cloud offering?
3. Does Bitbucket cloud have native support for SAML?
Please share the documentation for native SAML support with Bitbucket cloud and then we would be able to evaluate whether it fits with FusionAuth. If it doesn't, we may have to explore an SSO offering from a vendor like miniOrange. Can miniOrange be self-hosted in case there are strict data residency requirements?
Here are the answers you are looking for:
1. In Atlassian Access, only SAML support is available, without JIT provisioning. Multiple features of JIT provisioning and security-related features such as Signing requests and Encryption requests are not available in Atlassian Access. You can find the documentation on the Atlassian site for the same.
2. Yes, the Atlassian Access subscription is required for the Bitbucket Cloud offering.
3. Currently, no such documentation is available on Atlassian for Connecting Bitbucket Cloud with FusionAuth. For miniOrange offerings, I suggest you raise a request to us from here for more details.