SSO for JSM Customers using ADFS as OAuth Provider


Our SAML/OAuth SSO for JSM Customers app offers the functionality to seamlessly integrate OAuth/OpenID Single Sign-On into the JSM customer portal, ensuring compatibility with all OAuth/OpenID Providers. This guide will outline the steps for configuring SSO between the JSM customer portal and your OAuth/OpenID Provider. By following these instructions, customers will undergo authentication via your OAuth/OpenID Provider prior to accessing the JSM customer portal. This integration facilitates a smooth customer experience while also mitigating spam ticket.


Download And Installation

  • Log into your Jira instance as an admin.
  • Navigate to the settings and Click on Apps.
  • Locate SAML/OAuth SSO for JSM Customers.
  • Click on free trial to begin a new trial SAML/OAuth SSO for JSM Customers.
  • On menu bar click on Apps. Locate SAML/OAuth SSO for JSM Customers .

Step 1: Setup ADFS as OAuth Provider

  • To perform SSO with ADFS as Provider, your application must be https enabled.
  • Navigate to Server Manager Dashboard->Tools->ADFS Management.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, ADFS Management
  • Navigate to ADFS->Application Groups. Right click on Application Groups & click on Add Application group then enter Application Name. Select Server Application & click on next.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, Application Group
  • Copy Client Identifier. This is your Client ID. Add Callback URL in Redirect URL. You can get this callback URL from plugin. Click on next.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, Client Identifier
  • Click on Generate shared secret. Copy the Secret value. This is your Client Secret. Click on Next.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, Generate Client Secret
  • On the Summary screen, click Next. On the Complete screen, click Close.
  • Now, right-click on the newly added Application Group and select Properties.
  • Click on Add application from App Properties.
  • Click on the Add application. Then select Web API and click Next.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, Add application
  • On the Configure Web API screen, enter the domain name address into the Identifier section. Click Add. Click Next.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, SSO Login Configure
  • On the Choose Access Control Policy screen, select Permit everyone and click Next.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, Access Control Policy
  • On the Configure Application Permission, by default openid is selected as a scope & click on next.
    • OAuth / OPenID Single Sign On (SSO) using ADFS, Configure Application
  • On the Summary screen, click Next. On the Complete screen, click Close.
  • On the Sample Application Properties click OK.

Step 2: Setup JSM as OAuth Client

  • Go to the Manage Apps -> click Getting started under SSO Integration with Helpdesk then click on the Add New Identity Provider.
    • SSO for JSM Customers using ADFS as OAuth Provider | add identity provider
  • Select OAuth/OIDC and click on the next button.
    • SSO for JSM Customers using ADFS as OAuth Provider | select protocol
  • Select ADFS from the Selected Application dropdown menu.
  • Enter Client ID, Client Secret & ADFS domain, and scope as openid.
  • Enter JWKS EndPoint URL or Public Key for signature validation.
  • Click on Save button and then test connection for verifying the entered details.
    • SSO for JSM Customers using ADFS as OAuth Provider | plugin configuration

Step 3: User Attribute Mapping

  • Once you see all the values in Test connection, go to User Attribute Mapping. Map attributes like Email, firstname, lastname, etc. Click on Save.
    • SSO for JSM Customers using ADFS as OAuth Provider | attribute mapping

Step 4: Integrate Atlassian HelpDesk with JSM SSO

  • Navigate to the Jira Configuration tab. Click on the Configure API Token and configure the Service Account API token with the email.
    • It is necessary to have admin permissions for the service account.
    SSO for JSM Customers using ADFS as OAuth Provider | service account
  • After successful configuration of API token all the service desk projects with respective links will be displayed. These substituted links will be used by customers for accessing particular projects with SSO.
    • SSO for JSM Customers using ADFS as OAuth Provider | API token
  • Copy any of the substitute links you see for your portals and try accessing it in a private browser window. You would be automatically redirected to your Identity Provider for authentication and would be allowed access to the portal only after successful authentication.



Free Trial

If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.