Single Sign-On for Walmart
Seamless SSO Integration and User Management with Crowd and REST API
Know MoreAtlassian Crowd Server
Single Sign On and User Identity that's easy to use
100%
Secure Authentication
54+
Integrated Add-Ons
The Challenge
SAML Single Sign-On for Jira and Confluence with Data Center Setup
Walmart aimed to enhance its end-user experience by integrating SAML-based Single Sign-On (SSO) for Jira and Confluence into its existing authentication process.
Being our existing client, Walmart contacted us with the query of providing SSO solutions and they had additional requirements specific to their Data Center (DC) environment, including seamless migration of users and groups, handling group name incompatibility, supporting enhanced security protocols, ensuring direct administrative access, managing a high concurrent login environment, and restricting REST API access for end users.
Solutions we provided to Walmart
Crowd SAML SSO
REST API Authentication
We provided Walmart with a robust SAML-based Single Sign-On solution for Jira and Confluence, allowing them to streamline their user authentication process. To address their requirement for migrating users and groups from Crowd to Jira and Confluence, we implemented a “One-Click Migration” feature, ensuring a smooth migration process with zero downtime. This feature significantly reduced the resources needed to maintain the Crowd server.
During the integration, we identified that the group names received from Walmart’s SAML IDP were incompatible with Atlassian’s group name format. To resolve this, we introduced the “On-the-Fly Group Name Transformation” feature, which seamlessly transformed the group names to match the required format. Walmart also required support for Anchored SAML Authentication, an additional security layer demanded by their IDP. We added this advanced option to our plugins, enhancing security and ensuring compliance with their authentication process.
In their multi-instance Data Center environment, Walmart wanted administrators to have the ability to access specific Jira and Confluence instances directly after SSO. For this, we provided the “Direct Node URL Access for DC Maintenance” feature, enabling direct access for administrative tasks. Additionally, Walmart’s high-load environment, which sees a large number of concurrent login attempts, required a solution capable of handling such volume. Our SSO solution was optimized to efficiently manage these high login loads without compromising performance.
Lastly, Walmart needed to restrict access to Jira and Confluence REST APIs to prevent end users from using their Active Directory (AD) credentials to access sensitive APIs. We implemented the “Group-Based Restriction” feature, which allowed only service accounts to interact with the REST APIs, ensuring a secure and controlled API access environment.
How It Works
miniOrange provided Walmart with a robust Single Sign-On (SSO) solution for their Atlassian applications by integrating the SAML SSO Add-On, which acts as a Service Provider to establish secure authentication with Walmart’s SAML Identity Provider (IDP). This streamlined user authentication and eliminated their dependency on Crowd with the “One-Click Migration” feature, allowing seamless migration of users and groups to Atlassian applications.
To address group name incompatibilities, the “On-the-Fly Group Name Transformation” feature was implemented to transform and map group names from the IDP into a compatible format for Atlassian applications. For enhanced security, the “Anchored SAML Authentication” feature enabled the addition of a signing certificate to SAML requests and responses.
Walmart’s Data Center environment was optimized with the “Direct Node URL Access for DC Maintenance” feature, which ensured SAML responses were redirected to the originating instance, allowing administrators direct access. Additionally, “Group-Based Restriction” ensured secure REST API access by allowing only specific user groups to perform API calls.
SAML Single Sign on is the best add-on that works with all Identity Providers, and is able to handle the high load of concurrent login requests in Walmart’s environment. Users can sign into Atlassian application with your SAML 2.0 capable Identity Provider. We support all known IdPs - Google Apps, ADFS, Azure AD, Okta, OneLogin, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ, miniOrange, etc.
NOTE: SAML SINGLE SIGN-ON SET UP GUIDES
Key Benefits
- Allowed their admin to login into specific instances by performing SSO which helped them in debugging issues.
- It made it easier for Walmart to migrate users and groups from Crowd to other Atlassian apps with 0 downtime.
- Access to REST API's was restricted to only those users who were present in the assigned groups.
In conclusion, marketplaces have many products according to business needs. For Walmart, our product proved to be the best. What about you? Which product is best for you?
Reference Links
