By default, the Secure macro will prompt users to confirm their Confluence password prior to decrypting the secured information.
However, if your organization uses a single sign-on solution or a custom authentication mechanism for your Confluence instance, you will need to enable SSO authentication support.
This allows your users to use the Secure macro without a password prompt but will still respect the User(s) and Group(s) parameter of the macro and only allow those permitted users to view the secured content.
Enabling SSO authentication support
As an added security measure this feature can only be enabled by specifying the following System Property in Confluence:
-Dcom.servicerocket.security.sso.support.enabled=true
For more information and instructions on enabling System Properties, consult the Confluence documentation on configuring System Properties.
Checking the status of SSO authentication support
- Go to the Gear Icon > General configuration.
- Once the Confluence administration screen loads, look for Security and Encryption Configuration in the sidebar.
Then click Settings. - On the Security and Encryption Settings screen, under the SSO authentication support section, you will be able to see the status of your Confluence instance's SSO authentication support.
In the screenshot above, the status of SSO authentication support is ENABLED which means the System Property -Dcom.servicerocket.security.sso.support.enabled
is set totrue
.
Notes
- Using functions such as Export to PDF, Export to HTML, as well as email notifications will not automatically decrypt secured data.