Disabling basic authentication
In Jira and Bitbucket, you can use a username and password to authenticate through the login portal or use basic authentication in API calls. Since using a username and password is less secure than using Single Sign-On (SSO), we strongly advise you to disable both ways of authentication with username and password completely once you add an alternative SSO authentication method to your environment.
Some features in Atlassian products rely on using username and password for authentication in API calls. If you wish specific usernames or URLs to be able to use basic authentication in REST API calls, you can create an allowlist for that. Create an allowlist when basic authentication is disabled
Before you begin
Blocking basic authentication is a native feature in:
Jira 8.16 or later
Bitbucket 7.12 or later
- Bamboo 8.1 or later
- Confluence 7.16 or later
- Crowd 6.2 or later (managed only through REST API)
If you use earlier versions of these products, you can still get this feature by installing the SSO for Atlassian Data Center app from Atlassian Marketplace. Make sure your product and version is listed as supported.
Disable basic authentication
To completely disable basic authentication, you need to hide the default login form and also disable basic authentication on API calls.
To disable the default login method:
Go to administration options for your product:
In Jira, select Administration
, then System, then Authentication methods (in earlier versions named SSO 2.0).- In Bitbucket, select Administration , then Accounts, then Authentication methods (in earlier versions named SSO 2.0).
- Next to the default authentication method, select Actions, then Edit.
- Uncheck the Show default login form checkbox.
- Select Save configuration.
To disable basic authentication in API calls:
- Go to the Authentication methods page mentioned above.
- Toggle off the Allow basic authentication on API calls option.
Results
Basic authentication is disabled in your environment.