Single Sign-On (SSO) for Bitbucket

MantisHub supports single sign-on (SSO) with Bitbucket. This allows you to access your MantisHub account using your Bitbucket login credentials.  

As well as adding convenience, this can also provide extra security. Bitbucket supports two-factor authentication (2FA), so you may wish to have your users access MantisHub through Bitbucket for a higher level of data security.

Firstly, administrators will need to install the plugin. Head to Manage - Manage Plugins and click the install button next to the AuthHub plugin listed in 'Available Plugins'.


You'll now see options at the bottom of your login screen to connect into MantisHub with any of our supported provider accounts including Bitbucket. 


When you click on Bitbucket, you will be asked to allow MantisHub to access your account. You'll need to allow access on the consent form displayed. This should be a one-time prompt.


The registered email in MantisHub for a user must match a verified email address (primary or secondary) with Bitbucket.

 

There are also several options you can configure for SSO, including locking a list of users or domains to use Bitbucket login and turning on auto-provisioning (off by default).

 

Configuration Options

Below are the configuration options for your AuthHub setup. An administrator can set these up from the web UI: head to the Manage - Manage Configuration - Configuration Report page and create the relevant configuration option.


Authentication Scope

Set the domain for your tenant:

Config Option:    plugin_AuthHub_federation_tenant

Type:                  string

Value:                 <tenant e.g. example.com or mine.example.com>

 

Lock users to Provider Authentication

To define users you wish to have ONLY use your provider authentication, create the following configuration. You can specify a list of users, domains, or a mix:

Config Option:    plugin_AuthHub_federation_force_list

Type:                  complex

Value:                 array()     <within brackets specify list of usernames, email addresses or domains. e.g. jsmith, jsmith@example.com or @example.com>

 

Permit users to use both credentials 

To define a list of users who are still allowed to use their MantisHub login as well as provider authentication, create this configuration option. Note that this list takes precedence over the force list. It is useful for administrators who may need to disable or troubleshoot sign-on federation issues.

Config Option:    plugin_AuthHub_allow_password_login

Type:                  complex

Value:                 array()     <within brackets specify list of usernames, email addresses or domains. e.g. jsmith, jsmith@example.com or @example.com>
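
One way to audit the force list and the password-login list before saving them, as an added example that is not MantisHub or AuthHub code: it models the precedence rule stated above and reports which accounts keep password login. The matching rules (case-insensitive, `@domain` matched against the end of the email address), the treatment of unlisted users as unrestricted, and all sample accounts are assumptions.

```python
# Added example: models the documented precedence, not AuthHub's own code.
# Assumptions: matching is case-insensitive, '@domain' entries match the end
# of the email address, and users on neither list keep both login methods.

def entry_matches(entry, username, email):
    """Match one list entry: '@domain', a full email address, or a username."""
    entry = entry.strip().lower()
    if entry.startswith("@"):
        return email.lower().endswith(entry)
    if "@" in entry:
        return email.lower() == entry
    return username.lower() == entry

def in_list(entries, username, email):
    return any(entry_matches(e, username, email) for e in entries)

def login_methods(username, email, force_list, allow_password_login):
    """Check the allow list first: it takes precedence over the force list."""
    if in_list(allow_password_login, username, email):
        return {"password", "provider"}
    if in_list(force_list, username, email):
        return {"provider"}
    return {"password", "provider"}

def audit(users, force_list, allow_password_login):
    """Group accounts by how the two lists treat them."""
    report = {"provider_only": [], "exceptions": [], "unforced": []}
    for username, email in users:
        forced = in_list(force_list, username, email)
        allowed = in_list(allow_password_login, username, email)
        if forced and allowed:
            report["exceptions"].append(username)   # allow list overrides force list
        elif forced:
            report["provider_only"].append(username)
        else:
            report["unforced"].append(username)     # password login still possible
    return report

# Constructed sample accounts and list values (not from a real instance).
USERS = [("jsmith", "jsmith@example.com"), ("admin", "admin@example.com"),
         ("contractor", "c@partner.example"), ("eve", "eve@notexample.com")]
FORCE_LIST = ["@example.com"]
ALLOW_PASSWORD_LOGIN = ["admin"]

if __name__ == "__main__":
    for group, names in audit(USERS, FORCE_LIST, ALLOW_PASSWORD_LOGIN).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

Accounts reported under `exceptions` and `unforced` can still sign in with a MantisHub password, so they do not inherit Bitbucket's 2FA.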

 

Login Session Lifetime

To define the login session lifetime in seconds for users who log in via a federated provider, create this configuration option:

Config Option:    plugin_AuthHub_federation_session_lifetime

Type:                  integer

Value:                 <lifetime in seconds, default is 86400 (24hrs). Enter 0 to expire the session when the browser is closed.>

 

Auto-provisioning 

To enable auto-provisioning for users not already in MantisHub, create the following configuration option. Auto-provisioning will be based on sign-in information. 

Config Option:    plugin_AuthHub_provisioning_enabled

Type:                  integer

Default:              0

Value:                 1

 

To limit the domains for auto-provisioning:

Config Option:    plugin_AuthHub_provisioning_domains

Type:                  complex

Value:                 array( '@example1.com', '@example2.com' )

 

To define the global access level for auto-provisioned accounts, which applies to public projects:

Config Option:    plugin_AuthHub_provisioning_global_access_level

Type:                  integer

Value:               see access levels article   

 

To define a default access level per project (this is necessary for private projects and for cases where the project access level is not equal to the global access level specified in `provisioning_global_access_level`):

Config Option:    plugin_AuthHub_provisioning_project_access_level

Type:                  complex

Value:                 array( 'project1' => 'REPORTER', 'project2' => 'DEVELOPER' )

 

And you're done! Now you can go make yourself a hot cocoa :)

 
