Atlassian Jira SAML SSO
Single Sign On and User Identity that's easy to use
- 100% Secure Authentication
- 54+ Integrated Add-Ons
The Challenge
Trimble Inc. uses Okta for central user management and enforces Okta SSO for secure Jira access, preventing login bypass.
Trimble Inc. is a California-based hardware, software and services technology company. It is an international company specializing in Agriculture, Building Construction, Civil Engineering and Construction, Geospatial, Transportation, and much more.
Trimble uses Okta as its Identity Provider to manage all of the organization's users in one central place. Keeping all users in one place helps the administrators tremendously, as it removes the overhead of monitoring and managing users and user permissions separately for each Atlassian product. Trimble uses Jira as a ticketing system. Since all of the organization's users are present in Okta, Trimble wanted to allow those users to access Jira.
So, Trimble was looking for a solution to force Okta SSO for logging into Jira:
- Connect their Okta to their Jira and allow users to log into Jira via Okta.
- Make sure that users are not able to bypass logging into Okta.
Solutions we provided to Trimble
Jira SAML SSO
Jira Server instances do not support SSO functionality by default. So, we configured Single Sign-On (SSO) between Jira and Okta using our Jira SAML SSO add-on. We provided the following two features in the SAML SSO plugin to Trimble to achieve their use case:
- Auto-Redirection, to make sure that users land on Okta's login page whenever they access Jira.
- Disabling password reset options, so that users can't change their local Jira password and use it to bypass Okta SSO.
What does miniOrange provide on the Atlassian server?
miniOrange SSO (Single Sign-On) provides secure auto-login to all your apps, in the cloud or on-premise, from any mobile platform including iPhone and Android. It quickly increases the security of information and resources for your Atlassian applications, without you having to worry about the time needed for initial setup or future upgrades.
How It Works
The miniOrange SAML Single Sign-On (SSO) Add-On acts as a SAML Service Provider that establishes trust between any Atlassian application and a SAML-capable Identity Provider (Okta in this case). It securely authenticates the user to the Atlassian application.
We enabled the Auto-Redirection feature on the SAML add-on. Now, whenever a user accesses any Jira page, the user is sent to Okta for authentication and is given access to Jira only after a successful login to Okta. This meets the first requirement.
Next, we needed to make sure that users are not able to bypass Okta SSO.
When users are created in Jira via Okta SSO, they are created without local Jira passwords. So they cannot log in to Jira directly; they have to log in via SSO. But users can set a local Jira password to bypass Okta and log in to Jira directly. There are two ways to set the Jira password: first, using the Forgot Password link on the Jira login page, and second, from the Forgot Password page on the end-user profile.
To solve this problem, miniOrange provided Trimble with a solution that gives admins the ability to decide whether users can set up a local password. If the admin disables the Forgot Password functionality, users won't be able to set local passwords either way.
Hence they are forced to log in to Jira via Okta only.
Key Benefits
- Force Redirection: Users are forced to use their identity provider for authentication for increased security.
- Users have to remember only one set of credentials.
- Users are automatically signed in to the Atlassian applications if they are logged in to the IdP.
In conclusion, miniOrange enabled Okta SSO for Jira, ensuring secure user authentication with auto-redirection and restricted password resets. This enforced Okta login, enhancing security and simplifying user access.