Disabling basic authentication
In Jira and Bitbucket, you can authenticate with a username and password through the login portal, or with basic authentication in API calls. Because username-and-password authentication is less secure than single sign-on, we strongly advise you to completely disable both of these methods once you add an alternative single sign-on authentication method to your environment.
Some features in Atlassian products rely on username and password authentication in API calls. If you want specific usernames or URLs to be able to use basic authentication in REST API calls, you can create an allowlist for them. Learn how to create an allowlist when basic authentication is disabled.
Before you begin
Blocking basic authentication is a native feature in:
- Jira 8.16 or later
- Bitbucket 7.12 or later
- Bamboo 8.1 or later
- Confluence 7.16 or later
If you use earlier versions of these products, you can still get this feature by installing the SSO for Atlassian Data Center app from Atlassian Marketplace. Make sure your product and version are listed as supported.
Disable basic authentication
To completely disable basic authentication, you need to hide the default login form and also disable basic authentication on API calls.
To disable the default login method:
- Go to administration options for your product:
  - In Jira, select Administration > System > Authentication methods (in earlier versions named SSO 2.0).
  - In Bitbucket, select Administration > Accounts > Authentication methods (in earlier versions named SSO 2.0).
- Next to the default authentication method, select Actions > Edit.
- Clear the Show default login form checkbox.
- Select Save configuration.
To disable basic authentication in API calls:
- Go to the Authentication methods page, mentioned above.
- Toggle off the Allow basic authentication on API calls option.
Results
Basic authentication is disabled in your environment.
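One way to confirm this result from a client, as an added example that is not Atlassian's code: send a request carrying a Basic `Authorization` header and check that it is refused, while a URL on the allowlist still succeeds. The local stub server, its two paths, the credentials and the 403 status are constructed assumptions; against a real instance, pass a REST URL of your product to `probe_basic_auth`.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies

def probe_basic_auth(url, username, password, timeout=10):
    """Send one GET with an Authorization: Basic header; return the HTTP status."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with _OPENER.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx

def classify(status):
    """Turn the status into a verdict for the post-change check."""
    if 200 <= status < 300:
        return "accepted"      # basic auth still on, or this caller is allowlisted
    if status in (401, 403):
        return "rejected"
    return "inconclusive"      # e.g. 404 (wrong path) or 5xx (outage)

class _StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: basic auth refused except on one allowlisted path."""
    def do_GET(self):
        has_basic = self.headers.get("Authorization", "").startswith("Basic ")
        allowed = has_basic and self.path == "/rest/allowed"  # hypothetical path
        self.send_response(200 if allowed else 403)  # 403 is an assumed status
        self.end_headers()
    def log_message(self, *args):  # silence request logging
        pass

def run_demo():
    """Probe the stub on a free local port; return a verdict per path."""
    server = HTTPServer(("127.0.0.1", 0), _StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {p: classify(probe_basic_auth(base + p, "svc-user", "example-pass"))
                for p in ("/rest/blocked", "/rest/allowed")}
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

An "accepted" verdict for a caller that is not on the allowlist means the API toggle has not taken effect; "inconclusive" means the probe needs a different URL before it says anything about basic authentication.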