KPMG Enhances Atlassian SSO with Authenticating Azure AD and LDAP Integration
Centralized Authentication and Provisioning Made Easy with Azure AD and miniOrange
Know MoreKPMG Streamlines SSO, Authentication and LDAP Integration
with miniOrange OAuth and RESTAPI
100%
Secure Authentication
54+
Integrated Add-Ons
The Challenge
OAuth SSO for Atlassian Applications
KPMG is a renowned global professional services firm established in 1987. Offering a wide range of audit, tax, and advisory services, KPMG serves businesses, governments, and organizations worldwide.
KPMG sought to:
- Enable Single Sign-On (SSO) for Jira, Confluence, and Bitbucket, centralizing authentication through Azure AD.
- Restrict Confluence API calls and enforce Azure tokens for both public and private API access.
- Simplify user onboarding by integrating their Centralized LDAP for permission assignment and synchronization across Atlassian applications.
- Ensure tight control over authorization at both the browser and API levels, preventing unauthorized access.
Solutions we provided to MAN Truck & Bus SE
OAuth SSO
REST API Authentication
The OAuth plugin for browsers managed user authorization by enabling browser-level access to Atlassian applications through Azure AD. This allowed KPMG to centralize authentication and ensure secure access for users based on their Azure AD credentials.
The REST API authentication module further enhanced security by enforcing Azure token-based authentication for all Confluence API calls. This implementation effectively restricted unauthorized access, ensuring that both public and private API endpoints were protected.
To simplify the onboarding process for new users, miniOrange integrated KPMG’s scripted call to their Centralized LDAP. This enabled seamless assignment of permissions to new employees and automatic synchronization of these permissions with Jira, Confluence, and Bitbucket, ensuring a smooth transition for new team members.
Additionally, comprehensive access control was achieved by unifying user authentication and authorization processes across all Atlassian applications. This approach ensured robust security for both browser and API access points while maintaining an efficient and user-friendly workflow.
How It Works
For browser-level access, users authenticate through Azure AD using the OAuth plugin. This ensures that access to Atlassian applications is granted based on centralized Azure AD permissions, streamlining the authentication process and maintaining a high level of security.
At the API level, the REST API module authenticates calls by validating Azure tokens. This approach restricts access to both public and private APIs, ensuring that only authorized users can interact with sensitive endpoints, thereby enhancing overall security.
For user onboarding, scripted calls to KPMG's Centralized LDAP facilitate the assignment of permissions for new employees. Once logged in, these permissions are seamlessly synchronized with Jira, Confluence, and Bitbucket, enabling efficient integration of new team members into the system.
Key Benefits
- Centralized Authentication: Azure AD serves as the single source of truth for all browser and API authentications.
- Enhanced Security: Unauthorized API access is effectively blocked with Azure token enforcement.
- Streamlined Onboarding: Automated permission assignment and synchronization reduce manual effort and error.
- Improved Workflow: Simplified user authentication across Atlassian applications enhances productivity and user experience.
In conclusion, marketplaces have many products according to business needs. For KPMG, our product proved to be the best. What about you? Which product is best for you?
