SSO for JSM Customers using miniOrange as OAuth Provider
Our SAML/OAuth SSO for JSM Customers app offers the functionality to seamlessly integrate OAuth/OpenID Single Sign-On into the JSM customer portal, ensuring compatibility with all OAuth/OpenID Providers. This guide will outline the steps for configuring SSO between the JSM customer portal and your OAuth/OpenID Provider. By following these instructions, customers will undergo authentication via your OAuth/OpenID Provider prior to accessing the JSM customer portal. This integration facilitates a smooth customer experience while also mitigating spam ticket.
Download And Installation
- Log into your Jira instance as an admin.
- Navigate to the settings and Click on Apps.
- Locate SAML/OAuth SSO for JSM Customers.
- Click on free trial to begin a new trial SAML/OAuth SSO for JSM Customers.
- On menu bar click on Apps. Locate SAML/OAuth SSO for JSM Customers .
Step 1: Setup miniOrange as OAuth Provider
- Sign up on miniOrange. After that, go to miniOrange Admin console and login with your miniOrange credentials.
- From the left menu, go to Apps.
- In the right upper corner, select Add Application.
- Navigate to OAuth/OIDC card.
- Select OAuth2/OpenID Connect from the OAuth application.
- Now enter the following information as shown below:
Client Name App name you want to provide. Redirect-URL Enter Callback URL from the plugin
- For adding the policy for OAuth App, select Group Name as Default and enter the Policy Name of your choice, and select Login Method as Password.
- Click on Save button. Your app has been successfully created.
- Your application is configured. Now, go to Apps > Manage Apps > Your app > Select > Edit.
- You can see all the information for the app like Client ID and Client Secret .Also OAuth endpoints are mentioned, you will require Authorize Endpoint and Access Token Endpoint in further step.
Step 2: Setup JSM as OAuth Client
- Go to the Manage Apps -> click Getting started under SSO Integration with Helpdesk then click on the Add New Identity Provider.
- Select OAuth/OIDC and click on the next button.
- Select miniOrange from the Selected Application dropdown menu.
- Enter all the details- Client ID, Client Secret & Domain Name as noted in the above steps.
For Example If your auth endpoint is this - https://login.xecurify.com/moas/idp/openidsso then your domain name is login.xecurify.com - Use scope as profile and email.
- Put a tick on Use State Parameter. If checked, state parameter will be added in the authorized server request.
- Click on Save button and then test connection for verifying the entered details.
Step 3: User Attribute Mapping
- Once you see all the values in Test connection, go to User Attribute Mapping. Map attributes like Email, firstname, lastname, etc. Click on Save.
Step 4: Integrate Atlassian HelpDesk with JSM SSO
- Navigate to the Jira Configuration tab. Click on the Configure API Token and configure the Service Account API token with the email.
- After successful configuration of API token all the service desk projects with respective links will be displayed. These substituted links will be used by customers for accessing particular projects with SSO.
- Copy any of the substitute links you see for your portals and try accessing it in a private browser window. You would be automatically redirected to your Identity Provider for authentication and would be allowed access to the portal only after successful authentication.
Recommended Add-Ons
Two Factor Authentication
Enable 2FA/MFA for users & groups and let users configure 2FA during their first login.
Know MoreUser Sync SCIM Provisioning
Synchronize users, groups & directory with SCIM & REST APIs for Server/DC.
Know MoreAPI Token Authentication
Secure your JIRA Data Center/Server REST API using API Tokens.
Know MoreAdditional Resources
Bitbucket Git Authentication App | Kerberos/NTLM Apps | Word/PDF Exporter | WebAuthn | SonarQube SSO | Jenkins SSO
If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.