Skip to main content

Enable Microsoft Entra ID (Azure AD) SSO to Atlassian Bitbucket via Datawiza

About 4 min

Overview

Do you want to learn how to add Microsoft Entra ID (Azure AD) authentication to your Bitbucket without writing code? In this step-by-step tutorial, you will learn how to integrate Bitbucket with Microsoft Entra ID using Datawiza to implement OIDC/OAuth SSOopen in new window authentication in 5 mins. Note that Datawiza is a generic identity-aware OIDC/OAuth/SAML proxy with a centralized management console that you can easily use to achieve the same integration with other identity providers like Okta, Auth0, PingIdentity, Google, etc.

The benefits of using Datawiza

  • No need to learn complex OIDC/OAuth or SAML protocols
  • No need to manage refresh tokens, access tokens, or ID tokens
  • No need to manage user sessions
  • No need to use SDKs, call APIs or write code
  • Reduce weeks or months of engineering work to hours, even minutes
  • Avoid security vulnerabilities with a no-code product developed by security experts

Ready to see how easy it is? Let’s get started!open in new window

Prerequisites

Install Datawiza Access Plugin

We will install Datawiza Access Plugin through Bitbucket app: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Bitbucket Settings Click Manage apps: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Manage Apps Click Upload app: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Upload App Please contact us at info@datawiza.com for the plugin. Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Plugin The plugin will not create users automatically, so we need to create users through Bitbucket user management. Select Users and click Create user: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Create User Use email for both Email address and Username: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Create User

Introduction to the Datawiza Platform

The Datawiza Platform is a cloud-delivered platform. It includes a data plane and a control plane: Datawiza Access Proxy (DAP) and Datawiza Cloud Management Console (DCMC).
DAP is a lightweight, container-based access proxy deployed close to your application via the sidecar (agent) or gateway mode. It talks to Microsoft Entra ID on behalf of your applications, so you don’t need to worry about the integration work. DCMC is a cloud-based management console where you can configure and manage the policies of DAPs. Such a SaaS-based design makes the whole platform much easier to use.

Configurations in Datawiza Cloud Management Console

Self-register an account in the Datawiza Cloud Management Console. You can easily get started with your Google account, Microsoft account, or GitHub account.
Upon logging into the Datawiza Cloud Management Console, click the orange Getting started button. This runs a step-by-step guide for configuring your application. Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Getting Started

Add a New Deployment

The first step of the configuration process is creating a “deployment.” A deployment is a way of organizing applications and identity providers that are associated with the same cluster as Datawiza Access Proxies. Don't worry if this seems a bit complicated to understand in the beginning. You will get used to it when you work with it more. For now, just give your deployment a meaningful name and description. Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Create a New Deployment

Add a New Application

The second step is to create an application. This is simply collecting the network information of your application.
Here is an explanation of each field.

  • Platform: Select WEB here.
  • App Name: The name of your application. Put a meaningful name here. I use the Bitbucket demo app.
  • Public Domain: This is how your user will access your application. Normally it's the URL in the address bar. You can use http://localhost if you are running locally. Be sure to add the port if you have a non-standard one. We use http://localhost:9772 as an example.
  • Listen Port: This is the port that the Datawiza Access Proxy listens on. For simplicity, you can use the same port as the one in Public Domain above if you are not deploying the Datawiza Access Proxy behind a Load Balancer.
  • Upstream Servers: The URL and port combination of the Bitbucket is being protected. Mine is http://host.docker.internal:7990. Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Create a New Application

Add a New Identity Provider

The third step is to fill in the identity provider information. For Microsoft Entra ID, we offer a more convenient way to integrate Microsoft Entra ID with DCMC, which can create a new application on your behalf in your Azure tenant.
Here is the explanation of each field.

  • Name: A reasonable name for your identity provider.
  • Protocol: Modern identity providers support OIDC, and so does Microsoft Entra ID. Therefore I use OIDC here.
  • Identity Provider: Select the one that you are using, e.g. Microsoft Entra ID.
  • Automatic Generator: Whether to use one-click integration, which will create a new application on your behalf in your Azure tenant
  • Supported account type: Put restrictions on who can use this application.
  • Tenant ID: If you want to create the Microsoft Entra ID application in a specified tenant, you can enter the tenant ID here.

Click on Create to proceed. Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Create a New Microsoft Entra ID (Azure AD) IdP

Log in to your Microsoft Entra ID account. You will be asked to consent to permission to automatically create a new application on your behalf in your Azure tenant. Accept the permission. Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Sign InAtlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Permission Requested

Install and run Datawiza Access Proxy

Once clicking on the Create button, the basic configuration on the management console is finished. You will see the final step of the guide, which presents you with a page showing the simple steps to deploy Datawiza Access Proxy (DAP) with your application. Note down the commands for your deployment. The first command will download Docker and Datawiza Access Proxy image, and the second command will create a Docker Compose file and run Datawiza Access Proxy. You can refer to Install and Run Datawiza Access Proxy by command for more information.

DAP Docker Compose File

Click Done, then you will be redirected to the configuration page. Click the Applications tab and click the application: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Applications Click Attribute Pass and Click Add New Attribute Pass: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Add New Attribute Pass Add basic user info attribute pass in the type of Header (case sensitive):

FieldExpectedType
emailemailHeader
usernameusernameHeader
groupsgroupsHeader

Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Add New Attribute Pass

Now run

docker-compose -f docker-compose.yml up -d

In your browser, hit the Public Domain with path /bitbucket as you set previously, for example, http://localhost:9772/bitbucket. You should then see the DAP login page. Select the IdP we created, then the identity provider login page will be shown. Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | DAP Login PageAtlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | IdP Login Page

Note that if you are already logged into Azure AD in your browser, you may need to log out to see the login page. After logging in to Microsoft Entra ID, the Bitbucket will be shown: Atlassian Bitbucket Microsoft Entra ID (Azure AD) SSO | Bitbucket Homepage

Summary

Congratulations! You secured the Bitbucket by adding Microsoft Entra ID authentication using Datawiza, in minutes instead of weeks or months. This is only a small sampling of what Datawiza can do. See Datawiza’s online docsopen in new window or official websiteopen in new window for much more information. You can also get a free trial by signing up hereopen in new window!