SecSign ID Plugin: Bitbucket

2018-03-20 12 minutes to read

Two-Factor-Authentication with SecSignID for Bitbucket

This tutorial describes how to set up the SecSignID-Plugin for your Bitbucket-System to increase login security.

Overview

Overview

Bitbucket is a web application for version control repository hosting service that can be used for source code and development process. It was developed by the company Atlassian. Bitbucket has comprehensive features and a high adaptability.Thus, the functionality of Bitbucket can be optionally expanded or adapted by using plugins (add-on’s).
SecSign ID is a plugin for real two-factor authentication (2FA) for Bitbucket. 2FA adds another layer of security to your installation by using a second token. In this case the physical token is your smartphone.

If you need more information about about two-factor authentication have a look at the Bitbucket Marketplace or our Atlassian Landing Page.

Bitbucket has to be set up before installing the plugin.

Please read the Bitbucket Installation and Setup Tutorial if you need to set up Bitbucket.

Questions? Please contact us for assistance with installing the JIRA Plugin or if you are looking for alternative plugins for other environments.

Contact

Installation

Plugin Installation

Due to the universal plugin manager by Atlasssian the installation of the plugin is very simple.

  1. Log into your Bitbucket system as administrator
  2. Go to the administration of the add-ons via the administration menu
  3. Search for ’SecSign Bitbucket’ and click on ‘Install’

Another option is the download of the SecSign ID plugin from Atlasssian Marketplace. For installation you can upload the plugin into Bitbucket.

Just go to administration of the add-on’s on the administration menu and choose ‘Manage Add-Ons‘. At this point you can upload the SecSign ID plugin. In the add-on administration you have also the possibility to activate or deactivate the plugin.

bitbucket-admin-menu1

After the installation of the plugin you can set up the installation and the first ID (2FA user name) by working through the Intro Tutorial that is automatically displayed on the first use of the plugin. A short tutorial on the individual steps of the introduction tutorial are available below.
If you already worked through the tutorial or if you want to skip the tutorial, you can go directly to the individual parts of this documentation.
You can access the intro tutorial at any time by navigating to the plugin main page and select “Replay intro”.

Intro – Setting up the first ID for the administrator

Intro Tutorial Details
2FA Rollout and Activation

2FA Rollout and Activation

Every single Atlassian setup is different and each company has individual requirements. SecSign offers numerous options for 2FA rollout and onboarding for the users to support your requirements ideally. All options are available to choose from in the SecSign ID plugin settings backend.

The first parts of this chapter cover the 2FA rollout for existing Bitbucket users. To activate 2FA when creating a new user, please navigate to “Create new user”.

If you have additional requirements that are not covered with the default settings, or if you have any questions, please contact us for a personalized consultation.

Contact

2FA Batch Rollout for high user volumes (most popular option)

The easiest method to activate 2FA for a setup is the 2FA activation for individual groups. This option activates 2FA for entire groups at once. You can either have the administrator choose the ID (2FA app user name) pattern for a consistent ID pattern for all users (for example johnsmith@yourcompany), or the user choose his ID individually.

Activate 2FA for entire user groups in one step

\

You can activate the 2FA comfortably for entire user groups in one setting. This option can be found in the Backend of the SecSign ID plugin at “2FA Activation”.


\

For the activation of 2FA fore entire user groups you can specify a pattern for the SecSign ID (2FA user name) that is applied to the entire group. Each 2FA user name for the group members is created using that pattern, without any additional input required by the administrator.

Additional details about the 2FA activation for entire groups can be found in the chapter “Batch-Rollout”.

Administrator-led: Batch-Rollout with predefined pattern for user groups

Overview – Administrative point of view

1.

The administrator chooses an ID-pattern in the plugin settings, which is based on the company name.

Overview – User point of view

2.

The user logs into Bitbucket in the way he is used to (user name and password). The Bitbucket login is already displaying the SecSign ID design, which can be customized to fit the company color scheme.

3.

After the successful login, links to download the SecSign ID app and the QR code for the 2FA activation are displayed. The user can download the app and scan the QR code to activate his ID on his device. In case the user prefers the Desktop 2FA app, he can simply enter he code on his desktop.



4.

After downloading the SecSign ID app, he can start the QR code pairing in the app.

To ensure advanced security you can initiate an additional Email code sent to the Email address associated with the Atlassian account of the user. The user has to provide this code to activate the 2FA for his account. You can activate this option in the plugin settings.

5.

The SecSign ID is successfully created.
To finalize the SecSign ID generation process, the user will perform his first two-factor authentication by selecting his ID (if the process does not automatically start). The account is protected with 2FA after the first successful authentication. For the next logins, the user needs to perform 2FA to get access to his account. The QR-onboarding process is only relevant for the first activation and does not need to be repeated for subsequent logins.



Login – User point of view

To access Bitbucket, the user needs to authenticate with the SecSign ID app and his ID. The first authentication automatically starts after the user activated his ID in the app.

1.

The user logs in with his user name and password, just like he is used to.

2.

An access symbol is displayed to the user on the screen.

3.

He selects the respective symbol in his app to verify the login.

For subsequent logins, the user can use the two-factor authentication.

Detailed information

One option to roll out 2FA for your user groups is to define the ID patter (user name in the app) by the administrator. He can choose the pattern and thus, define the user name for every user in that group, in one simple step.
One example is the rollout for all users in the administrator group to receive an ID with the suffix „-admin@yourcompany“. By defining the pattern „%username%-admin@yourcompany“, the administrator predefines the ID for every single administrator in one step, without the need for additional steps in the individual user accounts. The individual IDs are automatically created and added to the individual accounts in the group.

The users in the group are then presented with the QR-code pairing option during their next login. They can download the SecSign ID app and add the ID to it by following the steps of the QR-code procedure. Activating the ID in the app is as simple as scanning the QR code (for iOS users scanning the QR code with the photo app is sufficient). After activating their ID on their app they can start using it right away.

If your users already created an ID in the app you can add them and select “Save”. That way the IDs are not created but only linked to the individual user account.

User led: Batch-Rollout with unrestricted user ID selection

Overview – Administrator point of view

1.

The administrator activates the option for users to choose their own ID (user name in the SecSign ID app) during the next login.


2.

The user logs in with his user name and password, just like he is used to.

3.

He is presented with the option to add an ID (user name in the SecSign ID 2FA app) to his account. He can choose if he wants to add an ID he already created (existing ID), or create a new ID for his account. If the user already created an ID in his app he can add it here and use it for authentication right away.

3.

If the user did not yet create an ID he can generate a new ID and is automatically directed to the QR-code activation option (see QR-code pairing). He can then create a new ID and activate it in his app automatically.




Login – User point of view

To access Bitbucket, the user needs to authenticate with his app and his ID. The first authentication is automatically started after the user activated his ID in the app.

1.

The user logs in with his user name and password, just like he is used to.

2.

An access symbol is displayed to the user on the screen.

3.

He selects the respective symbol in his app to verify the login.


For subsequent logins, the user can use the two-factor authentication.

Detailed information

You can offer your users an unrestricted choice of their ID (user name in the SecSign ID 2FA app) during their next login.

Option 1: The user has not yet created an SecSign ID (user name in the 2FA app)

The user is presented with the option to create an ID for the SecSign ID app. To create the ID he enters it in the respective entry field. If the ID is still available, he is presented with the QR code to activate the ID, as well as download links for the app on the different platforms (iOS, Android,…). He can then download the app and scan the QR code with his phone (for iOS he can use the default photo app, or the SecSign ID app). By scanning the QR code his new ID is automatically created in his app. He can then start using the two-factor authentication right away without additional assistance required by the administrator.

Option 2: The user already created a SecSign ID

If the user already created a SecSign ID (2FA user name) in the SecSign ID app and wants to use this ID, he can select “I already have a SecSign ID”. This option will allow him to add his existing ID to his account. He can then use this ID right away to authenticate, without additional assistance required by the administrator.

Assign individual IDs via Bitbucket user management

SecSign offers alternative options for rollout, as well as individual customized solutions to fit your requirements. You can choose between batch enrollment, individual enrollment by the administrator as well as user-based sign-up.

A manual and individual enrollment is ideal for small user groups or to test the integration. To conveniently rollout 2FA in batch for larger groups, please refer to the chapter “22FA Batch Rollout for high user volumes”.

Administrator-led: Create a new SecSign ID for individual users

Overview – administrator point of view

1.

If the user has not yet created a SecSign Id in his app (user name in the SecSign ID app), you can reserve an ID for him and add it to his account. At the next login the user is presented with the QR-code enrollment after successfully logging in with his user name and password. With the QR-code enrollment he can install the app and activate his ID in just a few simple steps, without additional action required from the administrator. The ID is ready to use right away.
The administrator can assign the ID to the user both in the plugin backend and the Bitbucket user management interface.

Option 1: Assign ID via Bitbucket Backend > User management


Option 2: Assign ID via Bitbucket user management > users > select individual user

Overview – user point of view

2.

If you created a new SecSign ID for the user, he has to activate it in his app before he can use it. First, he needs to download the app from the app store (download links are provided for him during his next login). He can then activate his ID in his app by following the steps of the QR Code procedure, after successfully authenticating with his user name and password.

3.

After authenticating with his user name and password the user is presented with the download links for the SecSign ID app and the QR code to activate his in ID in the app. To activate his ID he simply has to scan the QR code (iOS users can use the default photo app). If a user prefers to use the Desktop app (for iOS, Windows 7 or Windows 10), he can type in the activation code to activate his ID in the app.
The ID is ready to use right away and the user can start using the 2FA with his next login.



4.

After downloading the SecSign ID app the user selects the option “Start QR code pairing” on the first screen. iOS users can simply use their default photo app.

To ensure advanced security you can initiate an additional Email code sent to the Email address associated with the Atlassian account of the user. The user has to provide this code to activate the 2FA for his account. You can activate this option in the plugin settings.

5.

SecSign ID created successfully
To finalize the activation of the ID, the user has to authenticate with it once. This process starts automatically once the ID was activated in the app. After successfully authenticating with the new SecSign ID the user can now use the 2FA for every login.
The QR-code onboarding procedure is only necessary for the activation of the ID, not for all subsequent logins.



Login – User point of view

To access Bitbucket, the user needs to authenticate with the SecSign ID app and his ID. The first authentication automatically starts after the user activated his ID in the app.

1.

The user logs in with his user name and password, just like he is used to.

2.

An access symbol is displayed to the user on the screen.

3.

He selects the respective symbol in his app to verify the login.


For subsequent logins, the user can use the two-factor authentication.

Administrator-led: Enter existing ID

Overview – administrator point of view

1.

If the user already created a SecSign ID in his SecSign ID app, you can add it here. Navigate to the Bitbucket backend > user management > individual user. Each individual user has an option to add an ID to his user profile (the user name that was created in the SecSign ID). This ID can be edited via the editing button. You can access this option both via the user management and the tab “users”.

The ID can be used for authentication right after you added it to the user account.

You can also choose this option to change an ID, for example to add a individual ID instead of the automatically chosen one. Please note that you need to create the ID in the app first before adding it here.

Login – User point of view

To access Bitbucket, the user needs to authenticate with the SecSign ID app and his ID. The first authentication automatically starts after the user activated his ID in the app.

1.

The user logs in with his user name and password, just like he is used to.

2.

An access symbol is displayed to the user on the screen.

3.

He selects the respective symbol in his app to verify the login.


You can assign one or several SecSign IDs to any user. These IDs can be used to authenticate the Bitbucket login.
Several IDs need to be divided by a comma. Assigning several IDs to one user can make sense if one user is for example a company account rather than an individual user. By assigning several IDs, several users can access this account protected with 2FA.

An overview of all users and their assigned SecSign IDs is available in the user management backend, organized by the groups the users are assigned to (for example Bitbucket-administrator, Bitbucket-user)

Create a new user in Bitbucket


When creating a new user the administrator has the option to add a SecSign ID right away. A complete overview of the individual options on how to add an ID to an user are explained in the chapter “Assign individual IDs “

There are three options after creating a new user:
1. SecSign ID should match the user name/ SecSign ID should match the email address

Based on the settings of the plugin the ID of the user will be predefined with either one option (email address or user name). During the first login to Bitbucket the user will be presented with the QR-code onboarding option to download the SecSign ID app and activate his ID.

Overview – administrator point of view

1.

The administrator chooses a pattern for the users SecSign ID, for example based on the user name or email address of the user.

Overview – user point of view

2.

During the first login the user is presented with the QR-code onboarding screen with links to download the SecSign ID app as well as the QR-code to scan with the app. If the user prefers to use the Desktop app he can simply type in the activation code to activate his ID in the app.

2. User can choose his own individual SecSign ID

If you activated the option “Add own ID”, the user can choose his own individual ID during his first login.

Overview – administrator point of view

1.

The administrator activates the option “user can choose his own ID” during the generation of the user.

1. (Alternative)

Alternatively, the administrator can invite the user to Bitbucket via his email address. The user will be presented with the option to choose his own individual ID here as well.

Overview – user point of view

2.

The user accepts the invite via the link in the Email and is automatically directed to the Bitbucket login screen to select a password. After he chose a password he is directed to the Bitbucket login to log in for the first time. After a successful authentication with user name and password he is then directed to the SecSign ID ID assignment page, where he can add his SecSign ID. He can either enter his ID that he already created in the SecSign ID app (existing SecSign ID), or choose a new ID. If the user chooses a new ID he is automatically directed to the QR-Code procedure to create his new SecSign ID and activate it in his app.

2. (Alternative)

If the administrator invited the user via his Email address the user is automatically directed to the registration screen via the link in the Email. Part of this registration process is choosing the SecSign ID. He can either enter his ID that he already created in the SecSign ID app (existing SecSign ID), or choose a new ID. If the user chooses a new ID he is automatically directed to the QR-Code procedure to create his new SecSign ID and activate it in his app.

3.Using an existing ID

If the user already created a SecSign ID, you can add it here. The user can then use it for the next authentication right away.

Overview – administrator point of view

1.

The administrator selects “user can choose his own ID” when creating the user.

Overview – user point of view

2.

The user can authenticate with his in the SecSign ID app created ID.

Option 3: Rollout for Atlassian Crowd Setup

If you are already using Atlassian crowd you can enroll your users either with the individual user sign-up (Option 2) or with your custom two-factor authentication app. Crowd then offers the option to activate 2FA for all connected services (for example JIRA, Confluence, Bamboo,…) at once.

With Crowd and the SecSign ID Crowd Plugin you can define the enrollment and 2FA activation procedure for all users and services in one setting. Define the user name and enrollment procedure with the Crowd Plugin settings, and your users can use 2FA with all connected services at once.

Important: To activate this option, you need to download and integrate the SecSign ID Add-ons for the respective services. For more information about the Atlassian Crowd integration and installation please refer to the Crowd Tutorial.
How to use Crowd with an existing SecSign ID Bitbucket installation is described in the chapter Atlassian Crowd.

SecSign also offers solutions for complex setups and special cases, for example setups with users managed both in Crowd and other services, for example internal Bitbucket users. Please contact us for a detailed evaluation of your setup and more information.

Contact

Option 4: Rollout for external users that are not managed in your internal Bitbucket user management system

If you users are already registered in your Atlassian system (JIRA, Confluence, Crowd, Bitbucket oder other) you can roll out 2FA via the administrator and manage in the individual Atlassian user management.

If your users are not yet registered in your Atlassian System you can offer them a convenient rollout experience with the QR Code procedure or the SecSign ID Custom app in combination with the on-premise setup.

We offer individualized and custom solution for complex setups and special requirements. Please contact us for a detailed evaluation of your setup and more information.

Contact

Option 5: Rollout for users managed in your Active Directory

The easiest way to activate the two-factor authentication for the users managed in your Active Directory is a link from your user management system to the SecSign ID on-premise server with the custom ID app. With this option the user can log in with his credentials (like usual), enters his SecSign ID and is automatically activated for the 2FA. This option does also include Crowd and users managed via Crowd. More information about 2FA for Crowd setups can be found in the chapter “Crowd”.

You can extend the 2FA protection for users managed in your Active Directory for numerous other access points, for example VPNs, portals and more. Additionally, we offer the option to use custom plugins, ADFS or SAML for Atlassian Cloud services as well as SAML for Atlassian on-premise service (if all users are using the same Email domain, for example @yourcompany.com).

Please contact us for a detailed evaluation of your setup and more information.
Contact

Plugin settings

Options for plugin settings

Options for the authentication


You can choose between two methods of authentication

Two-Step Authentication

With the two-step authentication (2SA) you have an additional layer of security by adding an additional step to the authentication procedure. If the option for 2SA is activated the user needs to authenticate with his user name and password before he is presented with the SecSign ID two-factor authentication. Only if the user successfully authenticated with his user name and password he can authenticate via the two-factor authentication.

Overview – administrator point of view

1.

You can activate the two-step authentication in the Bitbucket Backend. The option “No 2FA necessary” defines if the user needs to authenticate with a two-factor authentication or if an authentication with only the user name and password is sufficient.
If you activate this option the user only needs to authenticate with his user name and password (no 2FA or 2SA). This will give you the option to offer users with limited access rights a simple login. For users with extensive access rights (for example administrative accounts) you should deactivate this option to provide the accounts with the optimal protection. If the option is deactivated they will need to log in with their user name and password and then authenticate with the SecSign ID 2FA to access their account.


Overview – user point of view

2.

The user logs in with his user name and password like he is used to.

3.

The user receives a push notification to the device he installed the SecSign ID app on and confirms the login via the app. He can not authenticate via the two-factor authentication before verifying his identity with his user name and password first.

Two-Factor Authentication

With the two-factor authentication the user is presented with the SecSign ID login when he tries to access his Bitbucket account. He needs to enter his SecSign ID and authenticate via the SecSign ID app to access Bitbucket.

Overview – administrator point of view

1.

You can activate the two-factor authentication via the Bitbucket backend. The option “show login with user name and password” decides if the user can still user the user name and password login as an option (without 2FA).
If you activate this option the user only needs to authenticate with his user name and password (no 2FA or 2SA). This will give you the option to offer users with limited access rights a simple login. For users with extensive access rights (for example administrative accounts) you should deactivate this option to provide the accounts with the optimal protection. If the option is deactivated they will need to log in with their user name and password and then authenticate with the SecSign ID 2FA to access their account.


Overview – user point of view

2.

The user can now authenticate with the SecSign ID that is linked to his account and the app (see Rollout for more information)


Optional: Show Login with user name and password

You have the option to allow a user name/password login without 2FA. If you activate this option the login screen will show a button that allows the user to switch to the simple user name and password login.
You can activate and deactivate this option for each user individually to manage access protection via 2FA finely granular.

Login without Access Pass


Login with or without Access Pass

The two-factor authentication for Bitbucket can be implemented both with and without presenting an access pass to the user. If no access pass is shown the user can verify (or deny) a login via the app without the need to verify an access pass.

Overview – administrator point of view



this option can only be activated if the two-step authentication (user name and password login followed by a two-factor authentication) is enabled.

Overview – user point of view



User settings


Change own ID
If this option is activated the user can change his own ID independently. If he wants to create a new SecSign ID and use it, he can do so after logging into Bitbucket via his profile. The administrator can deactivate this option. If the option is deactivated the user needs to request an ID change with the administrator.

We recommend deactivating this option for security reasons, or activate it in combination with additional activation and security steps./p>
Option to add ID
This option simplifies the user onboarding procedure.
If the option is activated the user will be presented with the choice to add his own SecSign ID after authenticating via user name and password for accounts that do not yet have a SecSign ID assigned to. That way the user can add his own ID or create an individual ID without any additional steps required by the administrator

For more information please refer to the chapter Rollout: User-led onboarding.

Custom Login Design

You have the option to match the SecSign ID login colors to your company colors. If you activate this option you can choose a background color with a hexadecimal RGB-value.

With the SecSign ID on-premise setup you have additional options to customize the login, for example with your company logo. Contact us for more information about the on-premise setup and customized login for your users

Contact

DMZ without 2FA

Most on-premise Atlassian services like JIRA and Confluence use internal networks for the internal access to the service. Those networks are normally not accessible for external access and only enabled users already authenticated via the company network access.

For these setups you can activate the IP SafeZone option to define a secure IP-zone. Within this IP-zone the user only needs to authenticate with his user name and password, not with a two-factor authentication. For all users outside of the IP-Zone (for example in a Home Office) the two-factor (or two-step) authentication is required for all logins to add a layer of security.

Crowd

Atlassian Crowd offers a convenient user management system including SSO for all Atlassian products. A user successfully authenticated for Bitbucket is automatically logged in to all other connected services, for example Bitbucket, Confluence, Bamboo and other.

The SecSign ID plugin adds a secure two-factor authentication to the Crowd SSO login.

Activate “Synchronizable IDs” and save the settings to import the SecSign IDs from the Crowd system. If you are using a crowd directory for your users and already linked the SecSign IDs to the user accounts via the Crowd plugin, they are imported when this option is activated and can be used for the Bitbucket login as well.

If you want to allow editing the IDs from Bitbucket and make those changes available in all connected services, you can activate the option “Write in directories”. Any changes to a SecSign ID via Bitbucket is automatically passed on to Crowd and all other connected services.

SecSign ID Server

The option “Company name” lets you add your company name. It is for example used during the administrator-led SecSign ID batch registration.
Die Einstellung „Firmenname“ erlaubt Ihnen Ihren Firmennamen einzugeben.
The option “Service name” lets you add your service name to be displayed at several points during the login to let the user identify the authentication.

On-premise SecSign Server

If you are using an on-premise SecSign ID server you can add it here. Add the server address at “SecSign ID server”. The option “Fallback SecSign ID server” lets you add a fall back server to be used when the first server fails. This server should have activated the IDs for at least some administrators to ensure uninterrupted access to your system.

More information about the advantages of using a SecSign ID on-premise server are available in the chapter
“SecSign ID on-premise Server”.

Create an user

You can choose your preferred method of creating SecSign IDs for new users. Detailed information about the rollout can be found in the chapter “Activate 2FA for individual users” and “Activate 2FA for user group batches”

You can choose between:
1. Using the user name to create a SecSign ID

If you choose this option the SecSign ID is created from the respective user name followed by your company name that you can edit via the option “SecSign ID server” (“@yourcompany”).
For a user with for example the user name “jdoe” a SecSign ID “jdoe@yourcompany” will be created.

2. Use the email address to create a SecSign ID

If you choose this option the SecSign ID is created from the respective email address. This option makes sense if all users are using a company email address, so each SecSign ID is distinctively identifiable

HTTP-Auth

You can choose to prevent access to Bitbucket via HTTP-Basic Auth, for example via REST API access that only requires a user name and password. If you activate this option you add an additional layer of security and prevent access to your system via a loophole.


If you have additional requirements, for example access to specific IP-addresses to Bitbucket via Basic-Auth you can contact us for a customized offer.

Contact

Support Options

If you are running into issues during the setup of the plugin, you have the option to either reset all settings, or to send an error log to the SecSign ID support team.

We advise you to contact the SecSign ID support team before resetting all information.

QR-Code

One option to securely and conveniently enroll your users is the QR-code procedure. More information about your options for enrollment can be found in the chapter “2FA Rollout and Activation”.
For the QR-code procedure you can choose the level of security in compliance with your requirements. Your users may only scan the QR-code and use the 2FA right away, or they may have to enter an additional security code sent to their Bitbucket account Email address.

Please note that IDs are automatically created on the server if you choose the QR-code Activation with additional Email-Code verification for the batch rollout. When choosing a pattern for the IDs for one group, all IDs are automatically and immediately created on the server upon verification of the administrator. If the administrator chooses the QR-code activation without additional verification via Email code, the IDs are only created once the user activates them in the app via the QR-code procedure. In that case the IDs are reserved in Bitbucket and not activated on the server until the user activates them in the app.

Synchronization / Crowd

Synchronization / Crowd

Synchronization of Atlassian product mapping.
To manage mappings in Crowd and all connected systems efficiently, it is important to edit the settings accordingly. To use the synchronization and SSO your Crowd needs to be set up accordingly and all services need to be connected to it.

Bitbucket offers the Option “Synchronizeable IDs”. If this option is activated, the mappings are no longer saved locally in Bitbucket but in Crowd and the embedded versions are saved in the applications as user attributes.

That way the Crowd directory mappings are synchronized with other applications and can be used there accordingly. This saves time and money for the administrator and enabled the use of the SSO with the SecSign ID two-factor authentication.

When the user is successfully authenticated with Bitbucket he is automatically logged in to other connected services, for example Bamboo, Confluence, Bitbucket or other, that hav the SSO activated. It is still possible to create local Bitbucket users and add their IDs only to be used in Bitbucket.

If you want to enable adding and editing IDs in Bitbucket, please activate the option “Write in directories”. This will enable mappings in Bitbucket and make edits accessible in Crowd and all other connected applications. This option can only be activated if Bitbucket has rights to modify user attributes in Crowd. If Bitbucket does not have those rights, there will be an error displayed when you are trying to edit the mappings.

All other access rights are not necessary and can be edited based on your requirements. It is also not required for the Crowd Directory to have edit rights in Bitbucket since the access to the attributes is separate.

On-premise SecSign ID Server

On-premise SecSign-Server

Strengthen your security with an on-premise SecSign ID two-factor authentication. With the SecSign ID on-premise setup you have all 2FA components on your premise – no exceptions.

  • Combine excellent security with extensive and customized settings.
  • Customizable login and rollout options for your users and administrators
  • Extensive options for audits, endpoint monitoring, user and access security
  • Protection as strong as you need it – no exceptions. Secure all access points, including VPN, Web, Desktop and other.
  • Integrate the 2FA in existing apps or get a customized SecSign YourCompany ID app – Custom built for your requirements.
  • Keep control over all aspects – all files, update security, authentication process and administration.
  • SecSign plugins can easily be managed with minimal maintenance. Classic problems you may encounter have a ready-to-use solution with no additional administrative actions required. For example: Loss of the device, changing out a device and more. With SecSign ID you can minimize administrative involvement, costs and frustrations.
2FA procedure

Two-Factor Authentication Procedure

Depending on the options you defined in the settings the two-factor authentication may look different for your users.

By default, the two-step authentication is activated. The user has to log in with his user name and password first and then authenticate with the SecSign ID two-factor authentication, if it is activated for him. To complete the two-factor authentication he is presented with an access pass, which he has to verify in the SecSign ID app. He is then authenticated and logged in to Bitbucket.

If you prefer the two-factor authentication over the two-step authentication, the user only needs to provide his SecSign ID to start the authentication. He is then presented the access pass, which he needs to verify in the SecSign ID app.

Two-Step Authentication with the SecSign ID
Two-Step Authentication with the SecSign ID

Trouble shooting

Trouble shooting

If you have problems with the SecSign plugin or if you lost your SecSign ID, you can remove the plugin manually.

For this, please search for the directory in which the add-on was installed. This would usually be

$bitbucket_INSTALL/atlassian-bitbucket/WEB-INF/lib/.

Alternatively, you can search for the SecSign ID plugin in the Bitbucket home directory:

Afterwards, please delete the respective jar and restart Bitbucket.

No Patch Work Solutions:
Two-Factor Authentiacation for all your Atlassian services.

Atlassian

Logo
Secure your Confluence system with SecSign Two-Factor Authentication.
Logo
Secure your Jira system with SecSign Two-Factor Authentication.
Logo
Secure your Crowd system with SecSign Two-Factor Authentication.
Logo
Secure your Bitbucket system with SecSign Two-Factor Authentication.
Logo
Secure your Bamboo system with SecSign Two-Factor Authentication.
Logo
Secure 2FA for Identity Federation with Active Directory.
Logo
All Atlassian Plugins can be secured with our SecSign-SAML-Plugin.
Logo
Secure all interfaces between your Atlassian system and external apps with our OAuth Plugin.
Logo
Secure your REST interfaces with SecSign Two-Factor Authentication.

Why SecSignID?

Die 2FA von SecSign ist die stärkste Zwei-Faktor-Authentifizierung auf dem Markt! Profitieren Sie von unbegrenzten Möglichkeiten der Integration. Für so gut wie jedes Login bietet SecSign eine Absicherung. Auch für komnplizierte Nutzermanagement-Situationen, wie beispielse Nutzer in und außerhalb eines AD hat SecSign unkomplizierte Lösungen parat.

Logo

Inhouse- oder Cloudlösung

Zwei-Faktor-Authentifizierung in der Cloud, oder volle Kontrolle und individuelle Anpasungen durch eine Inhouse Lösung.
Logo

Sichere Authentifizierung

Passwörter sind nicht sicher. Sichern Sie Ihre Logins und somit Ihre Unternehmensdaten mit unserer echten Zwei-Faktor-Authentifizierung ab.
Logo

Schützen Sie ALLE Logins

Integration in sämtliche Loginumgebungen; Web, Lokal, VPN, Remote Desktop, Mobile Logins und Plugins für nahezu alle Umgebungen.
Logo

Einfache Integration

Unsere Plugins lassen sich leicht in Ihre Systeme integrieren und ohne großen Aufwand auch für eine große Nutzerzahl aktivieren.
Logo

Unkompliziertes Nutzermanagement

Schützen Sie Ihr Active/Directory/LDAP mit der Zwei-Faktor-Authentifizierung und erstellen Sie dadruch Ihr individuelles Identitäts- und Zugangsmanagement mit zahlreichen Sicherheitseinstellungen.
Logo

App Integration

Mit unserer Anwendungsfertigen SDK können Sie ganz einfach die Zwei-Faktor-Authentifizierung in bestehende Apps integrieren. Alternativ erstellen wir eine App mit Ihrem Unternehmens Look-and-Feel.

Your own ID-Server

On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.

Learn More
On Premise 2FA ID

Latest Blog Posts, Updates & Features

Atlassian JIRA and Confluence Two-Step Authentication and IP-SafeZone

With SecSign ID you can protect all your logins with a secure Two-Factor Authentication based on a challenge response. The authentication offers the highest protection for the company data while being incredibly simple to us ...

Mehr Lesen

SSO Setup with Crowd

Content Pre-requirements Setup and configuration of the components as a server application Configuration of Crowd for the centrally organized user management Configure application (for example JIRA) to be used wit ...

Mehr Lesen

What is possible with Crowd?

The SecSign ID Crowd Plugin can be integrated in just a few steps. For more information about the plugin and the integration please refer to the following pages. Do you have any questions? Don't hesitate to contact us. ...

Mehr Lesen