Crowd SSO 1.0 vs 2.0 behaviour against Bitbucket internal users

Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Crowd SSO 1.0 allows Bitbucket internal users to log in.

Environment

Bitbucket - 6.10.0

Crowd SSO - 1.0

Crowd SSO - 2.0

Solution

If Crowd SSO 1.0 is enabled in the Bitbucket properties as follows:

plugin.auth-crowd.sso.enabled=true

This allows all users (Crowd and Bitbucket internal) to log in as if no SSO were implemented.

However, the same is not true for Crowd SSO 2.0. Crowd SSO 2.0 allows you to:

  • Either keep two separate login forms (Bitbucket and Crowd), where internal users can log in through the Bitbucket form and Crowd users can log in through the Crowd login form.

  • Or allow only one kind of login, where Crowd users are able to log in and Bitbucket internal users aren't. This approach can be dangerous if you don't have at least one admin account among the external users, as you may lock the admin out in case he/she is an internal user.

An admin can choose either of the two by navigating to Administration > SSO 2.0.

Updated on September 26, 2025
