Community Announcements have moved! To stay up to date, please join the new Community Announcements group today. Learn more

×
Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Request for Clarification: Dependency on Third-Party Plugins for Single Logout (SLO) in Atlassian Cr

kam
kam
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 25, 2025

Issue Context:
Atlassian Crowd provides robust SSO functionality, but the implementation of ​Single Logout (SLO) appears to require additional configuration or custom development. Based on documentation (e.g., Crowd Data Center 3.4 SSO 2.0), while Crowd supports cross-domain SSO and centralized authentication, there is no explicit guidance on native SLO capabilities. For example:

  • When users log out of Crowd, applications like Jira or Confluence may retain active sessions, indicating incomplete SLO.
  • Existing solutions (e.g., session validation via SSOCookieFilter or SAML integration) require custom code or third-party plugins.

Key Questions:

  1. Does Crowd natively support SLO without relying on third-party plugins or manual implementation (e.g., SAML/CAS protocol extensions)?
  2. If SLO is not natively supported, are there official recommendations for achieving global logout across integrated applications?
  3. Are there plans to enhance Crowd’s SLO capabilities in future releases (e.g., built-in SAML SLO endpoints or automated session termination)?

Relevant Documentation:

  • Crowd SSO 2.0 documentation mentions cross-domain SSO but lacks SLO details.
  • Integration guides (e.g., Microsoft Entra SSO, Bitbucket) emphasize authentication but not logout synchronization.

Suggested Improvements:

  • Provide native SLO workflows (e.g., SAML SLO support or centralized session invalidation).
  • Clarify whether third-party plugins (e.g., SAML IdPs) are mandatory for SLO.
Answer
Watch
Like # people like this
908 views

1 answer

0 votes
Satya Dusanapudi
Satya Dusanapudi
Contributor
August 13, 2025

Hello @kam ,

Welcome to the community. Crowd does not currently provide full native single logout (SLO) across all integrated applications. logging out of crowd will not automatically end active session in Jira, Confluence, Bitbucket, etc., unless extra steps take. 

 Atlassian's SSO 2.0 focuses on centralized authentication, but SLO required each app session to be explicitly terminated. Today, this typically achieved in one of two ways. 

  1. Using 3rd party SAML 0r CAS idP that supports SLO, so Crowd delegated authentication to the idP and relies on its logout process. 
  2. Custom development.

There is no built-in Crowd feature that automatically propagates a logout to all connected apps, and Atlassian has not announced native SLP support in upcoming releases. for now, the official recommendation is to use a supported SAML idP or implement custom logic for global session termination. 

KR,

Satya

Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security