Atlassian OAuth/OIDC SSO
SSO for multiple identities in Atlassian applications
100%
Secure Authentication
54+
Integrated Add-Ons
The Challenge
Configure SSO for LDAP and custom OAuth provider in Jira and Confluence
Porsche Informatik provides software development and IT services for Porsche Holding Salzburg and Volkswagen Group.
Porsche Informatik was looking for a product that would allow users to log in from their LDAP directory and their OAuth provider in parallel, with seamless integration in Atlassian applications like Jira and Confluence. This configuration required two different login flows, which could be set up with multiple SSO applications in Jira and Confluence using the miniOrange OAuth/OIDC SSO Add-ons.
Solutions we provided to Porsche Informatik
OAuth/OIDC SSO
We configured Single Sign-On between Porsche Informatik's OAuth server and the Atlassian application (e.g. Jira) using the OAuth/OIDC SSO Add-On.
The OAuth/OIDC Add-ons have a provision to configure more than one SSO application. To give users a better SSO experience in Atlassian applications, Redirection rules were configured in the OAuth/OIDC add-ons. These rules control which users see the login page and which use SSO to log in to the application. This can be managed using different parameters, such as the group or directory of the user. In this case, users were differentiated based on their groups. The groups belonging to LDAP were allotted one rule, and another rule was allotted for the OAuth provider. At login, the user's groups are matched against the configured rules, and the user is redirected accordingly to LDAP or the OAuth provider.
miniOrange successfully implemented the solution as per Porsche Informatik's requirement i.e. “SSO support for multiple Identities in Atlassian applications”.
Benefits of using the miniOrange OAuth/OIDC Apps
SSO in any application is challenging with multiple user stores. Keeping the end user's login experience hassle-free is one of the important aspects of SSO. The miniOrange OAuth/OIDC SSO add-ons for Atlassian applications achieve this by supporting SSO for multiple OAuth providers.
- Replace the Existing Atlassian Login with SSO: Allow users to authenticate using their existing LDAP or OAuth provider credentials.
- Multiple SSO Connections: Seamlessly manage and connect multiple user stores with the Atlassian application.
- Strengthen Security: Enhance security by enforcing SSO for all users.
How It Works
Connect Jira and Confluence With OAuth Provider and LDAP at the same time
The user will be prompted to enter their username. Users are differentiated based on their groups stored in the Atlassian application. Based on the user groups identified and configured in Redirection Rules, the user will be redirected to the particular user store.
Map the Subgroups of Custom OAuth Providers in Atlassian applications
The group response from the OAuth provider contains groups and their subgroups. This differs from the standard group response, which only has groups. We made changes accordingly and mapped the received group array with Jira groups. Similarly, for Confluence we mapped the received subgroups with Confluence groups.
OAuth/OpenID SSO apps give the ability to enable OAuth/OpenID/OIDC Connect Single Sign-On for all Atlassian applications like Jira, Confluence, Bitbucket, Bamboo, Fisheye. The OAuth/OpenID/OIDC Connect SSO app supports all known providers along with custom providers such as Google, Discord, GitLab, GitHub, Meetup, ADFS, Azure AD, Microsoft, Slack, Keycloak, AWS Cognito, OKTA and Salesforce.
Key Benefits
- Give employees a smooth, secure and passwordless login experience across platforms and devices.
- Multiple OAuth/OIDC Apps setup allows SSO configurations for multiple user identities, e.g. OAuth provider, Crowd, LDAP etc.
- Redirection rules simplify user login experience for multiple OAuth/OIDC SSO applications.
In conclusion, miniOrange successfully enabled SSO for multiple identities in Jira and Confluence, integrating LDAP and a custom OAuth provider. Redirection rules ensured a seamless and secure login experience, meeting Porsche Informatik's requirements.