Using the Secure macro with SSO or custom authentication

By default, the Secure macro will prompt users to confirm their Confluence password prior to decrypting the secured information.

However, you will need to enable SSO authentication support for your Confluence instance if your organization uses

  • a single sign-on solution

  • or a custom authentication mechanism

This allows your users to use the Secure macro without a password prompt but will still respect the User(s) and Group(s) parameter of the macro and only allow those permitted users to view the secured content.

Enabling SSO authentication support

As an added security measure this feature can only be enabled by specifying the following System Property in Confluence.

-Dcom.appfire.security.sso.support.enabled=true

For earlier versions of the app this property is enabled using the following system property.

-Dcom.servicerocket.security.sso.support.enabled=true

For more information and instructions on enabling System Properties consult the Confluence documentation on configuring System Properties.

Checking the status of SSO authentication support

Go to

  • the Gear Icon > General configuration

Once the Confluence administration screen loads

  • look for Security and Encryption Configuration in the sidebar

  • choose Settings

On the Security and Encryption Settings screen, under the SSO authentication support section, you will be able to see the status of your Confluence instance's SSO authentication support.

In the screenshot above, the status of SSO authentication support is Enabled which means the System Property -Dcom.appfire.security.sso.support.enabled is set to true.

Earlier versions of the app may display the system property -Dcom.servicerocket.security.sso.support.enabled=true

Using functions such as Export to PDF, Export to HTML, as well as email notifications will not automatically decrypt secured data.