5 advanced admin controls in Bitbucket Cloud

There's no magic recipe for great team collaboration, but if we had to boil it down, it'd come down to visibility and organization. Teams work best when each individual has the flexibility to do their job their own way while sharing a set of common goals and protocols. But when it comes to real-life workflows, this balance can be a little trickier to implement.

That's why we've built a layer of advanced admin controls into our Premium tier of Bitbucket Cloud, so that you can empower your team to work fast while maintaining code quality and security.

Let's take a look at five five advanced admin features you can set up in Premium:

Enforced Merge Checks

Enforced merge checks make it easy to ensure that every pull request is fully vetted before it gets merged. This gives admins the ability to require users to perform checks before merging. Admins can require all of the checks available on Free and Standard, and more:

Setting Result
Require a certain number of approvers Get at least 1 additional set of eyes on any change before it is merged. (On the Bitbucket Cloud team, we require 2 approvals for every Pull Request.)
Require a certain number of successful builds Peer reviews are great but take that extra step and make sure the builds are passing pre-merge. Everyone says don’t break the build, but do you mean it?
Require all tasks to be completed Those tasks are there for a reason. Make sure all the feedback reviewers leave gets addressed, instead of promises to fix it later.
Reset approvals when the source branch of a pull request is modified Along with required approvers, this guarantees that no change goes unreviewed. This can be overkill for some branches, where reviewers can approve a PR while trusting the author to make some small tweaks, but it’s great for making sure nothing slips into a critical branch (typos in the release branch, anyone?).

Deployment Permissions

Configure permissions to control who can do deployments and from which branch. You can use Deployment Permissions with our built-in CI/CD tool, Bitbucket Pipelines, and customize each environment to protect your customers without slowing down your team. Here are the permission settings you can use today:

  • Admin restrictions: This setting ensures that only admins can deploy to an environment. With admin restrictions in place, a deployment by a non-admin is automatically paused and can only be resumed by an administrator.
  • Branch restrictions: Branch restrictions help you control what can be deployed to critical environments like production. Teams using Git-flow, gatekeeper PRs, or promotion workflows can enforce their process with branch restrictions. Any deployments running from an invalid branch will automatically be paused.

Deployment Permissions combined with deployment variables and branch permissions gives you a robust way to control and protect your deployment environments.

Enforced 2FA

Enforced two-factor authentication requires all users on your team to have 2FA set up on their accounts. When you enable this option for your team, users will need to have two-step verification enabled in order to interact (view, push, clone, etc.) with your account's private content: repositories, team settings, issue trackers, wikis, and snippets. If a user doesn't have two-step verification enabled at the time of access, they’ll see instructions on how to enable two-step verification in the UI and continue.

IP Whitelisting

Designate safe IP addresses that team members can interact from (view, push, clone, etc.), ensuring that data exchanges are always secure. When IP whitelisting is enabled, if a user tries to access any of your team's repositories, issue trackers, wikis, snippets or team settings from an un-whitelisted IP, they'll receive an error. This helps prevent unwanted third parties from accessing your account even if they have acquired a team member's email address and password.

IP whitelisting with Bitbucket will allows you to move off on-prem version control systems and enjoy the savings and convenience of hosting their code in the cloud. Some common use cases include:

Security controls on device: Ensure the desired security controls are in place on a user's device before the user can even get network access to private content.

VPN Server: Lock down your VPN server for remote employees to access private content via authentication from their device.

Strict no work from home policy: Certain industries simply can't allow for working from home; whitelisting an office IP would ensure this stays true.

Atlassian Access

Using more than just Bitbucket Cloud with your team? Atlassian Access is an enterprise-wide subscription service that allows you to easily manage your user and data across multiple Atlassian cloud products.

You can use Atlassian Access with Bitbucket, Jira Software, Jira Service Desk, Confluence, and Trello (coming soon). With Access and Bitbucket, you get SAML single-sign on (SSO) and priority support from our global team.

Learn more and get started with Access –>

Get started with advanced admin controls

Interested in implementing these settings with your team? Check out Bitbucket Premium and start setting up these permissions today!