What's New !!

Pricing Offers

We are happy to announce special offers for miniOrange Atlassian SSO, 2FA, REST API, User Sync and Group Sync Apps.

View Offers Now

Contact Info

For any query, product related information or any help , contact us now. You can also raise a ticket with our support.

 

Contact Us Now

SSO for JSM Customers using AWS Cognito as OAuth Provider


Our SAML/OAuth SSO for JSM Customers app offers the functionality to seamlessly integrate OAuth/OpenID Single Sign-On into the JSM customer portal, ensuring compatibility with all OAuth/OpenID Providers. This guide will outline the steps for configuring SSO between the JSM customer portal and your OAuth/OpenID Provider. By following these instructions, customers will undergo authentication via your OAuth/OpenID Provider prior to accessing the JSM customer portal. This integration facilitates a smooth customer experience while also mitigating spam ticket.


Download And Installation

  • Log into your Jira instance as an admin.
  • Navigate to the settings and Click on Apps.
  • Locate SAML/OAuth SSO for JSM Customers.
  • Click on free trial to begin a new trial SAML/OAuth SSO for JSM Customers.
  • On menu bar click on Apps. Locate SAML/OAuth SSO for JSM Customers .

Step 1: Setup AWS Cognito as OAuth Provider

  • First of all, go to Amazon Console and sign up/login in your account to Configure AWS Cognito.

    • AWS Cognito Single Sign-On (SSO) - Login to Amazon Console
  • Search for Cognito in the AWS Services search bar as shown below.

    • AWS Cognito Single Sign-On (SSO) - Search for AWS Cognito
  • Click on Create a user pool to create a new user pool.

    • AWS Cognito Single Sign-On (SSO) - click on create user pool
  • Choose the attributes in your user pool to be used during the sign-in process

    • AWS Cognito Single Sign-On (SSO) - configure sign in experience
  • Set up a strong password to configure your security requirements. Go ahead with the ‘No MFA’ option if you want users to only sign in with a single authentication factor. If you wish to enable MFA (Multi-factor authentication) it will require SMS messages which are charged separately by Amazon SNS. Learn more about that here. Click Next.

    • AWS Cognito Single Sign-On (SSO) - set up a strong password AWS Cognito Single Sign-On (SSO) - sign in with a single authentication factor
  • Configure attributes that would be required during the user sign-up flow.

    • AWS Cognito Single Sign-On (SSO) - configure sign up experinece
  • Choose additional attributes if you wish to. Click Next.

    • AWS Cognito Single Sign-On (SSO) - configure attributes for user sign up flow
  • Configure how your user pool sends email messages to users.

    • AWS Cognito Single Sign-On (SSO) - configure message delivery
  • Enter a name for your user pool, Also Under Hosted authentication pages, check ‘Use the Cognito Hosted UI’.

    • AWS Cognito Single Sign-On (SSO) - enter a name for your user pool
  • Now, Under the Domain section choose the domain type as ‘Use a Cognito domain’. Enter a domain name for your Cognito app.

    • AWS Cognito Single Sign-On (SSO) -enter a domain name
  • Under the Initial app client section, Enter a name for your app client and check on Generate a client secret.

    • AWS Cognito Single Sign-On (SSO) - enter a name for your app client
  • Now enter your Callback/Redirect URL which you will get from your SAML/OAuth SSO for JSM Customers add-on present on your Client side and paste it under the Allowed callback URLs text-field. Also refer the following image for choosing the authentication flows for your app.

    • AWS Cognito Single Sign-On (SSO) - enter your callback url
  • Now, Under Advanced app client settings. Select Identity provider as Cognito user pool & Select Authorization code grant under the OAuth 2.0 grant types and also select openid,email and profile checkboxes under the OpenID Connect scopes section (Please refer to the image below). Click on the Next button to save your configurations.

    • AWS Cognito Single Sign-On (SSO) - advanced app client settings
  • Now, Review your selection of requirements. Click Create user pool to confirm the selection and create a user pool.

    • AWS Cognito Single Sign-On (SSO) - review your selection of requirements AWS Cognito Single Sign-On (SSO) - main application client settings
  • After successfully creating your user pool, Select your pool name from the list of pools to start with user creation.

    • AWS Cognito Single Sign-On (SSO) - select your pool name
  • Go to the Users tab, and click Create user.

    • AWS Cognito Single Sign-On (SSO) - create user
  • Enter details such as username, email address & password. Click on Create user to save the details.

    • AWS Cognito Single Sign-On (SSO) - enter username email password
  • After the successful creation of the user, you will need a copy of the Cognito domain, Client ID, and Client Secret. Go to the 'App Integration' section and copy the complete domain name {your domain name}.auth.{region name}.amazoncognito.com.

    • AWS Cognito Single Sign-On (SSO) - app integration tab
  • To get the Client ID and Client Secret, stay on the same 'App Integration' tab and scroll down to the 'App clients and analytics' section. Click on your App client name to see the Client ID and Client Secret.

    • AWS Cognito Single Sign-On (SSO) - app clients and analytics AWS Cognito Single Sign-On (SSO) - client id client secret

Step 2: Setup JSM as OAuth Client

  • Go to the Manage Apps -> click Getting started under SSO Integration with Helpdesk. then click on the Add New Indentity Provider.
    • SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login,IDP Metadata Link
  • Select OAuth/OIDC and click on the next button.
    • SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login,IDP Metadata Link
  • Select your preferred IDP from the dropdown. If your preferred IDP is not present, select custom IDP.
  • Enter Client Id, client secret & AWS Cognito Domain name as {your domain name}.auth.{region name}.amazoncognito.com
  • Add https://{domainName}/logout?client_id={ClientID}&logout_uri={Sign out URL} in logout endpoint. This endpoint will logout you from cognito when you     logout from JSM customer portal.
  • Scope is required. Configure Scope as openid.
  • Click on Save button and then test configuration for verifying the entered details.
    • SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login,IDP Metadata Link

Step 3: User Attribute Mapping

  • Once you see all the values in Test Configuration, go to User Attribute Mapping. Map attributes like Email, firstname, lastname, etc. Click on Save.
    • SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login,IDP Metadata Link

Step 4: Integrate Atlassian HelpDesk with JSM SSO

  • Click on the Configure API Token and configure the Service Account API token with the email.
    • It is necessary to have admin permissions for the service account.
    SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login,IDP Metadata Link
  • After successful configuration of API token all the service desk projects with respective links will be displayed. These substituted links will be used by customers for accessing particular projects with SSO.
    • SAML Single Sign On (SSO) using Okta Identity Provider, Okta SSO Login,IDP Metadata Link
  • Copy any of the substitute links you see for your portals and try accessing it in a private browser window. You would be automatically redirected to your Identity Provider for authentication and would be allowed access to the portal only after successful authentication.



Free Trial

If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.