WHAT IS IT?

With this feature there is an option for the user to opt-out of EasySSO to always bypass SSO directly to the regular username and password form instead.

WHY IS IT IMPORTANT?

There are some cases where a user may never be able to sign in using SSO (e.g being a non-domain user), and would get an ugly "domain credentials" pop-up whenever EasySSO attempts to log them in with NTLM or Kerberos. 

Using this feature allows such users to use the regular web form instead and have this preference saved on the machine/browser they use regularly.

OTHER IMPORTANT DETAILS

In Admin settings for EasySSO, admins can control whether or not users can utilise this function.

When enabled, opt-out is available to any logged in user in their Profile/SSO Preferences as well as to anonymous users via URL:
https://<YOUR ATLASSIAN APPLICATION HOST>:<YOUR ATLASSIAN APPLICATION PORT>/<YOUR ATLASSIAN APPLICATION CONTEXT>/plugins/servlet/easysso/optout


The opt-out is specific to the browser being used. If you choose to opt-out when using Internet Explorer, it won't opt you out of any other browsers that you use on the same machine.

It's recommended that you log out to reset your session cookie. By default Bitbucket SessionID cookies will persist after the browser window is closed, requiring the user to logout to have the EasySSO OptOut via cookie come into effect.

HOW TO CONFIGURE EASYSSO OPT OUT via Cookie

Before users can opt out an administrator must enable the feature in the EasySSO Advanced Filtering Configuration screen by ticking the box next to the text 'Allow users to individually opt-out of EasySSO'.

EasySSO 4.0 +

  1. In the EasySSO configuration screen click NTLM/Kerberos.
  2. Click 'Advanced Configuration' on the top-right and switch to the 'Advanced Filtering Configuration' tab.
  3. Check the checkbox next to 'Allow users to individually opt-out of EasySSO', and click save.
  4. Now any user will be able to opt out of NTLM/Kerberos SSO through their user profile settings or using the link.

EasySSO prior to 4.0.0

  1. In the EasySSO configuration screen switch to the "Advanced Filtering Configuration" tab.
  2. Check the checkbox next to 'Allow users to individually opt-out of EasySSO', and click save.
  3. Now any user will be able to opt out of SSO through their user profile settings.


How to get to user opt out screen for Confluence: 

  1. Click on your user avatar and click Settings



  2. Click on SSO Preferences in the left bar (if this option is missing then it means that Opt Out was not properly enabled by the admin on the EasySSO configuration screen

How to get to user opt out screen for JIRA Software: 

  1. Click on your user avatar and click Settings



  2. Click on SSO Preferences in the tools area to the top right.


For all applications: 

3. Check the checkbox and click save


4. Your browser will no longer try to authenticate with SSO and will be presented with the basic standard username/password screen instead.

The opt-out only applies to the specific browser on the specific machine where the you opted out. To opt back in, go back to SSO preferences under user settings, uncheck the checkbox and click save.

Opt-out is also available to anonymous users via URL:
https://<YOUR ATLASSIAN APPLICATION HOST>:<YOUR ATLASSIAN APPLICATION PORT>/<YOUR ATLASSIAN APPLICATION CONTEXT>/plugins/servlet/easysso/optout


EasySSO articles

Try for free

EasySSO for Jira, Confluence, Bamboo, Bitbucket and Fisheye/Crucible

Try for free