KPMG streamlines SSO to their Atlassian Apps by delegating authentication to Azure AD and leveraging provisioning to centralized LDAP using miniOrange OAuth and Rest API

KPMG streamlines SSO to their Atlassian Apps by delegating authentication to Azure AD and leveraging provisioning to centralized LDAP using miniOrange OAuth and Rest API

miniOrange x KPMG

Company Background:

KPMG is a renowned global professional services firm established in 1987. Offering a wide range of audit, tax, and advisory services, KPMG serves businesses, governments, and organizations worldwide.

Problem:

A KPMG representative approached us seeking a Single Sign-On (SSO) solution for their Jira, Confluence, and Bitbucket applications. Their goal was to tightly control authorization and authentication across their servers, covering both API and browser levels, to prevent unauthorized access. They specifically requested centralizing authentication responsibilities to an Azure AD application.

Solution We Provided:

miniOrange is a prominent provider of security and access management solutions in the Atlassian Marketplace. We were able to address KPMG's specific needs through our OAuth and REST API applications. The OAuth plugin managed user authorization for accessing Atlassian apps via browsers, while the REST API plugin handled authentication for REST APIs.

Challenges Faced During Deployment:

  • Managing existing users in the system was straightforward with our applications. However, onboarding new employees posed a challenge. KPMG has specific rules for assigning permissions to new employees, managed through a scripted call to their Centralized LDAP. This data is synchronized with Jira, Confluence, and Bitbucket after login.
  • The miniOrange SSO application couldn't directly log in new users. To overcome this challenge we integrated the scripted call into our process, ensuring seamless onboarding.
  • Additionally, KPMG also wanted us to restrict all Confluence API calls and utilize Azure tokens for authentication. We were able to address this requirement through our REST API authentication module by restricting all public and private APIs and redirecting users to Azure for authentication.
  • miniOrange's OAuth and REST API applications facilitated a secure authentication process to KPMG, ensuring swift and efficient onboarding of new users.

    • KPMG OAuth and Rest API

If you’re also facing access control challenges and require assistance with your Single Sign-On (SSO) plugin, reach out to us at info@xecurify.com or call +1 978 658 9387 for our expert support today!