Your own ID-Server
On premise installations of SecSign ID offer the flexibility to connect with your preferred servers, services, and devices. And you can customize the SecSign ID with your own organization’s branding.
Use SecSign ID Crowd Two-Factor Authentication to login to all your Atlassian applications with an easy and highly secure user login using iOS or Android mobile devices as well as for desktop use. This tutorial describes the integration of the SecSign ID Crowd Plugin.
This plugin is compatible with Crowd Datacenter and Crowd SSO 2.0
With Atlassian Crowd you can centrally manage and protect all your Atlassian users.
Your users can conveniently log in to all Atlassian services with just one authentication through its built-in Single Sign-On (SSO) feature. And with the SecSign ID Two-factor Authentication the login has the best protection available.
No need to make compromises between security and convenience. Offer your users the convenient Atlassian SSO for all Atlassian services without the threat of hacker attacks to your company accounts.
The user authenticates with the SecSign ID Crowd Plugin, which automatically logs him in to any connected service that he is authorized for.
While the SecSign ID Authentication is uniquely secure, the user only has to deal with the convenient Touch-Authentication. Simple Authentication – Strong protection.
Advanced cryptography with patented 2048-bit private key SafeKey or Elliptic Curve Cryptography key in TEE.
Choose between two-factor authentication, or two-step authentication with additional password protection.
Attackers can’t steal what isn’t there and your users don’t have to worry about inventing passwords. With PKI-based 2FA it’s that easy.
You don’t want to eliminate passwords? No problem, simply choose two-step authentication.
Decide once which user has access to which application and what kind of authentication is required. There is no need to apply the rules for every single service if you connect to Crowd. And you can revoke those rights with one click if you need to.
Not only the users need protection – your Crowd administrative login is also protected with the best SecSign ID Two-Factor Authentication
One secure two-factor authentication logs the user into every linked account for all applications. Single Sign-On the secure way.
Scalable services for organizations, websites or individuals. Or operate your own authentication server, with all your data on your premise.
Combine the convenience of Atlassian Crowd SSO and the security of SecSign ID Two-Factor Authentication for all logins under Crowd, including intranet, public websites and Atlassian services in your Identity Management System (IDM)
With one secure authentication the user is automatically logged into all connected services. For your convenience you can connect your Active Directory and manage all users centrally.
Contact us today for your individual IDM solution with SecSign ID and Atlassian Crowd.
For more information about the Crowd setup with SecSign please refer to our Atlassian overview for SecSign ID.
The communication of Crowd, JIRA, the Active Directory and the SecSign ID server is displayed in the following UML diagram.
A link to the Active Directory is not necessary for the setup. The IDs can be directly managed in the respective Atlassian services without linking the Active Directory.
By linking your Active Directory there is no need to separately manage your users in all individual services. Each change to a user profile in the Active Directory is automatically applied to all services the user is assigned to.
1. Install the Plugins
Install the SecSign ID Crowd Plugin and the SecSign ID plugins for all connected Atlassian services that need to be secured with 2FA. A roadmap is available here.
Information about the setup of a complete SSO for Atlassian services with Crowd can be found on our blog. This will give you detailed information about the initial Crowd Setup if you have not been using Crowd yet.
2. Activate the connected services in Crowd
Choose “Add Application” to add the respective services to your Crowd setup, for example Jira, Confluence, Bamboo.
3. Activate Crowd for the respective services
For each service that is connected to Crowd you need to activate Crowd. Navigate to “User management”, “User directories” and add your Crowd directory.
Your users can now use the 2FA in Crowd and are automatically authenticated for all connected services
The Crowd Plugin can be installed in a few simple steps.
For a detailed description of how to activate the Crowd SSO in Jira, Confluence and other applications, please refer to this tutorial.
The option “SecSign ID” is available in the top menu after installing the SecSign ID Plugin. This option gives access to the configuration of the plugin and assignment of the SecSign ID to the users in the directory.
Comprehensive security doesn’t need to be complicated. Your users can be secured with 2FA by tomorrow. You have the choice between convenient ready-to-use options or customized solutions for your specific setup.
Our solutions are built for frictionless rollout and management, user self-control and convenience. Reliable protection in just a few simple steps.
More information about the SecSign ID Rollout Options are available here.
If your users are managed with an Active Directory setup you have two options to activate the two-factor authentication for them. For a detailed description on how to add the SecSign ID attribute to your Active Directory please refer to this tutorial.
Enrolling your Active Directory users
If you want your users to select their own User ID (SecSign ID), you can activate this function at SecSign ID settings – User Options.
Every single Atlassian setup is different and each company has individual requirements. SecSign offers numerous options for 2FA rollout and onboarding for the users to support your requirements ideally. All options are available to choose from in the SecSign ID plugin backend.
The first parts of this chapter cover the 2FA rollout for existing Crowd users. To activate 2FA when creating a new user, please navigate to “Create new user”.
If you have additional requirements that are not covered with the default settings, or if you have any questions, please contact us for a personalized consultation.
The easiest method to activate 2FA for a setup is the 2FA activation for individual groups. This option activates 2FA for entire groups at once. You can either have the administrator choose the ID (2FA app user name) pattern for a consistent ID pattern for all users (for example johnsmith@yourcompany), or let the user choose his ID individually.
Additional details about the 2FA activation for entire groups can be found in the chapter “Batch-Rollout”.
The administrator chooses an ID-pattern in the plugin settings, which is based on the company name.
The user logs into Crowd in the way he is used to (user name and password). The Crowd login is already displaying the SecSign ID design, which can be customized to fit the company color scheme.
After the successful login, links to download the SecSign ID app and the QR code for the 2FA activation are displayed. The user can download the app and scan the QR code to activate his ID on his device. In case the user prefers the Desktop 2FA app, he can simply enter the code on his desktop.
After downloading the SecSign ID app, he can start the QR code pairing in the app.
To ensure advanced security you can initiate an additional Email code sent to the Email address associated with the Atlassian account of the user. The user has to provide this code to activate the 2FA for his account. You can activate this option in the plugin settings.
The SecSign ID is successfully created.
To finalize the SecSign ID generation process, the user will perform his first two-factor authentication by selecting his ID (if the process does not automatically start). The account is protected with 2FA after the first successful authentication. For the next logins, the user needs to perform 2FA to get access to his account. The QR-onboarding process is only relevant for the first activation and does not need to be repeated for subsequent logins.
To access Crowd, the user needs to authenticate with the SecSign ID app and his ID. The first authentication automatically starts after the user activated his ID in the app.
The user logs in with his user name and password, just like he is used to.
An access symbol is displayed to the user on the screen.
He selects the respective symbol in his app to verify the login.
For subsequent logins, the user can use the two-factor authentication.
One option to roll out 2FA for your user groups is to have the administrator define the ID pattern (user name in the app). He can choose the pattern and thus define the user name for every user in that group in one simple step.
One example is the rollout for all users in the administrator group to receive an ID with the suffix „-admin@yourcompany“. By defining the pattern „%username%-admin@yourcompany“, the administrator predefines the ID for every single administrator in one step, without the need for additional steps in the individual user accounts. The individual IDs are automatically created and added to the individual accounts in the group.
The users in the group are then presented with the QR-code pairing option during their next login. They can download the SecSign ID app and add the ID to it by following the steps of the QR-code procedure. Activating the ID in the app is as simple as scanning the QR code (for iOS users scanning the QR code with the photo app is sufficient, Android users need to scan the QR Code with the SecSign ID app). After activating their ID on their app they can start using it right away.
If your users already created an ID in the app you can add them and select “Save”. That way the IDs are not created but only linked to the individual user account.
The administrator activates the option for users to choose their own ID (user name in the SecSign ID app) during the next login.
The user logs in with his user name and password, just like he is used to.
He is presented with the option to add an ID (user name in the SecSign ID 2FA app) to his account. He can choose if he wants to add an ID he already created (existing ID), or create a new ID for his account. If the user already created an ID in his app he can add it here and use it for authentication right away.
If the user did not yet create an ID he can generate a new ID and is automatically directed to the QR-code activation option (see QR-code pairing). He can then create a new ID and activate it in his app automatically.
To access Crowd, the user needs to authenticate with his app and his ID. The first authentication is automatically started after the user activated his ID in the app.
The user logs in with his user name and password, just like he is used to.
An access symbol is displayed to the user on the screen.
He selects the respective symbol in his app to verify the login.
You can offer your users an unrestricted choice of their ID (user name in the SecSign ID 2FA app) during their next login.
Option 1: The user has not yet created a SecSign ID (user name in the 2FA app)
The user is presented with the option to create an ID for the SecSign ID app. To create the ID he enters it in the respective entry field. If the ID is still available, he is presented with the QR code to activate the ID, as well as download links for the app on the different platforms (iOS, Android,…). He can then download the app and scan the QR code with his phone (for iOS he can use the default photo app, or the SecSign ID app). By scanning the QR code his new ID is automatically created in his app. He can then start using the two-factor authentication right away without additional assistance required by the administrator.
Option 2: The user already created a SecSign ID
If the user already created a SecSign ID (2FA user name) in the SecSign ID app and wants to use this ID, he can select “I already have a SecSign ID”. This option will allow him to add his existing ID to his account. He can then use this ID right away to authenticate, without additional assistance required by the administrator.
SecSign offers alternative options for rollout, as well as individual customized solutions to fit your requirements. You can choose between batch enrollment, individual enrollment by the administrator as well as user-based sign-up.
A manual and individual enrollment is ideal for small user groups or to test the integration. To conveniently roll out 2FA in batch for larger groups, please refer to the chapter “2FA Batch Rollout for high user volumes”.
If the user has not yet created a SecSign ID in his app (user name in the SecSign ID app), you can reserve an ID for him and add it to his account. At the next login the user is presented with the QR-code enrollment after successfully logging in with his user name and password. With the QR-code enrollment he can install the app and activate his ID in just a few simple steps, without additional action required from the administrator. The ID is ready to use right away.
The administrator can assign the ID to the user both in the plugin backend and the Crowd user management interface.
If you created a new SecSign ID for the user, he has to activate it in his app before he can use it. First, he needs to download the app from the app store (download links are provided for him during his next login). He can then activate his ID in his app by following the steps of the QR Code procedure, after successfully authenticating with his user name and password.
After authenticating with his user name and password the user is presented with the download links for the SecSign ID app and the QR code to activate his ID in the app. To activate his ID he simply has to scan the QR code (iOS users can use the default photo app). If a user prefers to use the Desktop app (for OSX, Windows 7 or Windows 10), he can type in the activation code to activate his ID in the app.
The ID is ready to use right away and the user can start using the 2FA with his next login.
After downloading the SecSign ID app the user selects the option “Start QR code pairing” on the first screen. iOS users can simply use their default photo app.
To ensure advanced security you can initiate an additional Email code sent to the Email address associated with the Atlassian account of the user. The user has to provide this code to activate the 2FA for his account. You can activate this option in the plugin settings.
SecSign ID created successfully
To finalize the activation of the ID, the user has to authenticate with it once. This process starts automatically once the ID was activated in the app. After successfully authenticating with the new SecSign ID the user can now use the 2FA for every login.
The QR-code onboarding procedure is only necessary for the activation of the ID, not for all subsequent logins.
To access Crowd, the user needs to authenticate with the SecSign ID app and his ID. The first authentication automatically starts after the user activated his ID in the app.
The user logs in with his user name and password, just like he is used to.
An access symbol is displayed to the user on the screen.
He selects the respective symbol in his app to verify the login.
If the user already created a SecSign ID in his SecSign ID app, you can add it here. Navigate to the Crowd backend > user management > individual user. Each individual user has an option to add an ID to his user profile (the user name that was created in the SecSign ID). This ID can be edited via the editing button. You can access this option both via the user management and the tab “users”.
The ID can be used for authentication right after you added it to the user account.
You can also choose this option to change an ID, for example to add an individual ID instead of the automatically chosen one. Please note that you need to create the ID in the app first before adding it here.
To access Crowd, the user needs to authenticate with the SecSign ID app and his ID. The first authentication automatically starts after the user activated his ID in the app.
The user logs in with his user name and password, just like he is used to.
An access symbol is displayed to the user on the screen.
He selects the respective symbol in his app to verify the login.
An overview of all users and their assigned SecSign IDs is available in the user management backend, organized by the groups the users are assigned to (for example Crowd-administrator, Crowd-user)
There are three options after creating a new user:
1. SecSign ID should match the user name/ SecSign ID should match the email address
Based on the settings of the plugin the ID of the user will be predefined with either one option (email address or user name). During the first login to Crowd the user will be presented with the QR-code onboarding option to download the SecSign ID app and activate his ID.
The administrator chooses a pattern for the user's SecSign ID, for example based on the user name or email address of the user.
During the first login the user is presented with the QR-code onboarding screen with links to download the SecSign ID app as well as the QR-code to scan with the app. If the user prefers to use the Desktop app he can simply type in the activation code to activate his ID in the app.
2. User can choose his own individual SecSign ID
If you activated the option “Add own ID”, the user can choose his own individual ID during his first login.
The administrator activates the option “user can choose his own ID” during the generation of the user.
Alternatively, the administrator can invite the user to Crowd via his email address. The user will be presented with the option to choose his own individual ID here as well.
The user accepts the invite via the link in the Email and is automatically directed to the Crowd login screen to select a password. After he has chosen a password he is directed to the Crowd login to log in for the first time. After a successful authentication with user name and password he is then directed to the SecSign ID assignment page, where he can add his SecSign ID. He can either enter his ID that he already created in the SecSign ID app (existing SecSign ID), or choose a new ID. If the user chooses a new ID he is automatically directed to the QR-Code procedure to create his new SecSign ID and activate it in his app.
If the administrator invited the user via his Email address the user is automatically directed to the registration screen via the link in the Email. Part of this registration process is choosing the SecSign ID. He can either enter his ID that he already created in the SecSign ID app (existing SecSign ID), or choose a new ID. If the user chooses a new ID he is automatically directed to the QR-Code procedure to create his new SecSign ID and activate it in his app.
3. Using an existing ID
If the user already created a SecSign ID, you can add it here. The user can then use it for the next authentication right away.
The administrator selects “user already created his own ID” when creating the user.
The user can authenticate with the ID he created in the SecSign ID app.
Depending on the options for enrollment and onboarding the administrator can choose how to create a new User ID. The administrator can choose to use either the user name of the user in combination with the company name (added as a @company), or the email address of the user. This is only one option to define the user name, other options are available at “2FA activation”.
During the on-boarding process the user will be presented with a QR code to activate the ID for his account. The user can either activate the ID with just the scanning of the QR code, or he will have to verify his email address by entering a code that is sent to the email address associated with his account.
You can choose your preferred authentication method for your users. Per default, your users will have to provide their user name and password in order to start the authentication procedure (two-step authentication 2SA).
With the 2SA activated, you can disable the authentication via access pass. In this case, the user will only have to verify/deny the login via the app, without choosing the respective access pass.
You can deactivate the pre-authentication via user name and password, so that the user will only have to perform an authentication with his SecSign ID (two-factor authentication, 2FA).
Especially during the rollout of 2FA it might make sense to give your users the option to login with just their user name and password. We recommend deactivating this function for your production environment.
The option Custom Login Layout allows you to change the background of the login screen to fit your Crowd appearance.
The corresponding Login Background Color determines the Hex color code that is used as the background color for the login screen.
You can deactivate 2FA for users within a certain IP range (for example the office). That way only users outside that IP-range need to authenticate with 2FA, for example users out of office.
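The IP-range exemption described above, sketched as an added example (not SecSign's code and not the plugin's configuration format). It assumes the exempt ranges are written in CIDR notation; the function names and sample ranges are hypothetical. The decision fails closed, so an address that cannot be parsed never skips 2FA, and a second function reviews the exempt ranges themselves.

```python
import ipaddress

# Constructed sample: exempt "office" ranges as CIDR strings (assumed
# notation; the plugin's own input format is not shown on this page).
EXEMPT_RANGES = ["10.20.0.0/16", "2001:db8:50::/48"]


def parse_ranges(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def normalize(client_ip):
    """Return an address object, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def requires_2fa(client_ip, networks):
    """True unless client_ip is provably inside an exempt range (fail closed)."""
    try:
        addr = normalize(client_ip.strip())
    except (ValueError, AttributeError):
        return True  # unparsable or missing address: never skip 2FA
    return not any(
        addr.version == net.version and addr in net for net in networks
    )


def audit_ranges(networks, max_hosts=65536):
    """Flag exempt ranges that deserve review before they go live.

    is_private is Python's definition (RFC 1918, unique local addresses,
    loopback, documentation ranges and similar), so it is a coarse check.
    """
    findings = []
    for net in networks:
        if not net.is_private:
            findings.append((str(net), "not private address space"))
        if net.version == 4 and net.num_addresses > max_hosts:
            findings.append(
                (str(net), "range larger than %d addresses" % max_hosts)
            )
    return findings


if __name__ == "__main__":
    nets = parse_ranges(EXEMPT_RANGES)
    for ip in ["10.20.3.4", "::ffff:10.20.3.4", "10.21.0.1", "not-an-ip"]:
        print(ip, "-> 2FA required:", requires_2fa(ip, nets))
    print(audit_ranges(parse_ranges(["8.8.8.0/24", "10.0.0.0/8"])))
```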
The option Local Mappings gives access to editing SecSign IDs via Crowd. IDs can be edited locally and read by connected applications.
Additionally, the option LDAP-Import allows you to import SecSign IDs from an added LDAP-Directory. For more information on SecSign IDs in LDAP-Directories see the Tutorial.
Activating this option imports mappings from LDAP-Directories and merges them with existing local mappings.
The LDAP-attribute determines the attribute which is searched for in the directories. This can be edited to fit your settings. The default-value is secsignid, which is the attribute-name mentioned in the tutorials.
The option Write to LDAP allows you to write changes in mappings from Crowd to the LDAP directory. Use this option with care, because it can delete mappings that are necessary for use in Windows or other important applications.
Also make sure that you have already added the secsignid attribute to the directory as mentioned in the tutorial.
The Service Name should describe your Crowd system. It is displayed to the user during the authentication procedure. The URL of the ID-server is “https://httpapi.secsign.com” by default. This option makes it possible to use your on-premise Crowd system with an on-premise ID server. With the on-premise ID server you have complete control over accessibility, settings and user data.
More information about our on-premise setup is available on our website.
You can choose to prevent access to Crowd via HTTP-Basic Auth, for example via REST API access that only requires a user name and password. If you activate this option you add an additional layer of security and prevent access to your system via a loophole.
If you have additional requirements, for example access for specific IP addresses to Crowd via Basic-Auth, you can contact us for a customized offer.
You can assign each user one or more IDs that can be used for authentication and login with Crowd and, if the plugins are installed, JIRA and Confluence. If you want to assign several IDs to one user simply separate the IDs with a comma. One example of using several IDs for one user is a company JIRA account that several employees use with their individual IDs.
Please be aware that activating LDAP-Import without Write to LDAP results in SecSign IDs that cannot be deleted. Even if you clear the input for one user, the imported SecSign IDs will persist and remain usable.
To delete those IDs please delete them in the LDAP-directory or enable write access to the LDAP by the Write to LDAP option.
If you want to disable the login for a user with an ID in the LDAP directory, just deactivate that account in Crowd or revoke permissions for the application that should not be accessible.
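The interaction of Local Mappings, LDAP-Import and Write to LDAP described above, as an added model (not the plugin's code). It assumes the behaviour exactly as this page states it: local IDs are comma-separated, imported LDAP values are merged with them, and clearing a user's field only removes LDAP-sourced IDs when Write to LDAP is enabled. All names and sample data are constructed.

```python
# Constructed sample data: the Crowd-side "local" field (comma-separated, as
# the page describes) and the values of the LDAP attribute (default name on
# this page: secsignid) for three hypothetical users.
DIRECTORY = {
    "jsmith": {"local": "jsmith@yourcompany, jsmith-admin@yourcompany",
               "ldap": ["jsmith@yourcompany"]},
    "mbrown": {"local": "", "ldap": ["mbrown@yourcompany"]},
    "shared": {"local": "alice@yourcompany,bob@yourcompany", "ldap": []},
}


def parse_ids(field):
    """Split a comma-separated ID field into an ordered, de-duplicated list."""
    seen, out = set(), []
    for part in (field or "").split(","):
        sid = part.strip()
        if sid and sid not in seen:
            seen.add(sid)
            out.append(sid)
    return out


def effective_ids(entry, ldap_import):
    """IDs a user can authenticate with: local mappings merged with LDAP."""
    ids = parse_ids(entry["local"])
    if ldap_import:
        for value in entry["ldap"]:
            ids += [sid for sid in parse_ids(value) if sid not in ids]
    return ids


def ids_after_clearing(entry, ldap_import, write_to_ldap):
    """IDs still usable after an admin clears the user's field in Crowd.

    Model assumption taken from the page: with Write to LDAP the change is
    written through to the directory; without it the LDAP values remain.
    """
    cleared = {
        "local": "",
        "ldap": [] if write_to_ldap else list(entry["ldap"]),
    }
    return effective_ids(cleared, ldap_import)


def persistent_ids_report(directory, ldap_import, write_to_ldap):
    """Map user -> IDs that clearing the Crowd field will NOT remove."""
    report = {}
    for user, entry in sorted(directory.items()):
        left = ids_after_clearing(entry, ldap_import, write_to_ldap)
        if left:
            report[user] = left
    return report


if __name__ == "__main__":
    # LDAP-Import on, Write to LDAP off: the case the page warns about.
    print(persistent_ids_report(DIRECTORY, ldap_import=True, write_to_ldap=False))
    # Write to LDAP on: clearing the field removes the imported IDs too.
    print(persistent_ids_report(DIRECTORY, ldap_import=True, write_to_ldap=True))
```

Users listed in the first report keep a working second factor after their field is cleared, so deprovisioning them means deleting the attribute value in LDAP or deactivating the account in Crowd.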
An overview of the individual users and their SecSign IDs is sorted into directories within Crowd. Additionally, SecSign IDs can be assigned to the user in the Crowd profile view. In the Crowd user directory all users are listed sorted by directories. This view provides account information for every user and profile information. It also gives information about the assigned SecSign IDs and the option to edit them.
With Crowd SSO 2.0 you don’t need to install 2FA plugins for all connected systems.
To authenticate the user opens his Atlassian service (Jira, Confluence, Bamboo, Bitbucket) and is automatically forwarded to the Crowd login. If the settings for the user require 2FA he is prompted to authenticate with the SecSign ID once. This authentication is valid for all connected services, for example Jira, Confluence, Bitbucket.
The administrator can set up either a two-factor authentication (user name and authentication via the app or OTP), or two-step authentication (user name and password followed by authentication via the app or OTP).
Onboarding of the users can be realized via the Crowd SSO 2.0 login page on their next login, either with them choosing their own ID or activating an ID defined by the administrator beforehand using the QR code procedure. More information about onboarding can be found in the onboarding tutorial.
More information about Crowd SSO 2.0 is available here.
Crowd SSO 2.0 is available for Crowd versions 3.4 or newer, and it is available for the Crowd Data Center.
Please let us know if you want to use the SecSign ID 2FA with Crowd SSO 2.0.
After installing the SecSign ID plugin the SecSign ID login window appears when opening Crowd instead of the user name and password login window. After the user initiates the login an access pass is displayed. This access pass is part of the two-factor authentication procedure that the user needs to verify in the SecSign ID app. The user compares the symbol displayed at the Crowd login with the symbol displayed in his app and selects the identical one. The user is then automatically forwarded to Crowd and successfully logged in.
Alternatively, you can choose to have the user provide his user name and password to start the authentication request (two-step authentication), to not show the access pass and only verify the login via the app or to offer the option to choose login via credentials as an alternative. If required you can choose mobile or Email OTP (one-time passwords) as alternative authentication option.
If you are experiencing issues with the plugin or if you lost your SecSign ID you can manually remove the plugin. Please shut down the Crowd Server and navigate to the home directory of the Crowd Installation.
Delete the .jar file and restart the server.
You can also reset all settings in Crowd, or send your settings to our support team for review. To do so, please navigate to the option “Support Options”.