miniOrange SAML SSO Apps for Data Center
Why miniOrange?
What is SSO?
Single sign-on (SSO) is a session and user authentication service that allows a user to use one set of login credentials (e.g., username and password) to access multiple services and applications.
In SSO, the credentials of all users are stored with a trusted third party, the Identity Provider (IDP). The IDP is connected to the application providing services, the Service Provider (SP). Whenever a user tries to access a service on the SP, a request is sent to the IDP, which authenticates the user, and the user can then access services on the SP. The IDP is connected to many SPs, so to use the services on all those SPs, we need to remember only one set of credentials (the IDP credentials).
For single sign-on, the most commonly used protocols are SAML, Kerberos/NTLM, OAuth 2.0, OpenID Connect (OIDC), JWT, etc.
miniOrange SAML SSO Apps for the Atlassian Applications
miniOrange provides SAML SSO plugins for all the Atlassian servers (Jira, Confluence, Bitbucket, Bamboo and Fisheye) and for Atlassian Data Centers (Jira, Confluence and Bitbucket). We also provide support for all the known IDPs: miniOrange, Google Apps, ADFS, Okta, OneLogin, Azure AD, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ, etc.
Here are our SAML plugins:
Jira | Confluence | Bitbucket | Bamboo | Fisheye
Feature Comparison:
Both miniOrange and Atlassian provide a SAML SSO feature in all Atlassian host applications. miniOrange SAML plugins are rich in features and very easy to set up. All the features of both Atlassian SSO2.0 and miniOrange SAML plugins are listed and compared below.
Single Sign-On Features:
Feature | miniOrange SSO plugins | Atlassian SSO2.0 plugin |
---|---|---|
Basic Single Sign-On : Allows authentication into Atlassian applications through the Identity Provider you use to manage your users and groups. |
||
Support for 20+ IDPs : Configure any of the popular Identity Providers such as ADFS, Azure AD, Google Apps, Okta, OneLogin, Salesforce, Keycloak, Oracle, Ping etc with detailed setup guides and videos to help you along the way. |
||
Import metadata using file/URL : A one-click configuration feature that will allow you to set up trust between IDP and Atlassian by just uploading a file, or providing a URL. |
||
Metadata Rollover - Automatic Sync of IDP metadata : Automatically retrieves IDP metadata at regular intervals to ensure the most up-to-date certificates or IDP side changes are synced, preventing SSO failures caused by expired certificates. |
||
Provision of testing the configuration before actually doing SSO : Once the initial configuration is done, test it with the click of a button before ever having to actually perform SSO. |
||
Configurable SP URLs : You can configure your own application Base URL, which is particularly useful when your Atlassian application is running behind a proxy which modifies the application’s URL. |
||
Provision to customize SP metadata : You can customize your application metadata with your organization, technical/support contact details and custom attributes which you would like to be associated with your IDP. |
||
Download SP metadata option : A one-click option to configure your Atlassian application on your IDP by downloading the application’s metadata and simply providing this to the IDP team. |
||
Option to choose NameID format : NameID is considered a unique identifier of the user performing SSO. Sometimes the application requires the IDP to send specific attributes like username or email to match the SSO users locally. |
Security Features:
Feature | miniOrange SSO plugins | Atlassian SSO2.0 plugin |
---|---|---|
Provision to Encrypt and Decrypt SAML requests and responses : Allows you to encrypt SAML requests and then decrypt the responses sent by your IDP, providing a stronger layer of validation to the SSO process. |
||
Provision to send signed requests : Add another layer of security to your SSO flow by sending a signed SAML request. |
||
Provision to customize the SP certificates : If your organization already uses a keystore with a specific set of certificates for each application, you can configure those within the plugin as per your organization’s rules. |
User and Groups Provisioning:
Feature | miniOrange SSO plugins | Atlassian SSO2.0 plugin |
---|---|---|
Synchronization of user profile Attributes : Replicate your user’s profile from your IDP into your Atlassian application by syncing their names, email addresses, phone numbers etc. |
||
Choice of login attribute - Username/Email : Choose which attribute your users will log in with, whether it will be their email addresses or their usernames. |
||
Regex for username - To use part of the email as username : Have an option to extract your user’s username from their email address and log them in using this extracted attribute. |
||
Assigning groups with application permissions to users on SSO : Forget the hassle of assigning application access groups to users manually when they sign up. With this feature, a default application group will be assigned to users upon SSO. |
||
Synchronization of groups on SSO : Replicate your user’s access level from your IDP into your application by synchronizing their groups when they log in via SSO. |
||
Provision to map groups from IDP to local groups : Are the groups you have on your IDP named differently than the groups in your application? We provide a feature where you can map the group names to each other to replicate the access levels. |
Redirection Rules:
Feature | miniOrange SSO plugins | Atlassian SSO2.0 plugin |
---|---|---|
Auto Redirect to Identity Provider for Login/Force Authentication : This will allow you to force users to authenticate via your IDP, and disable their access to log in via application credentials. |
||
Emergency URL (if admin gets locked out) : In case of an emergency where the admin is unable to access the application, a backdoor URL is provided which allows them to bypass SSO and log in via their local application credentials. |
||
Provision to customize the Login Template : You will have the option to design the login page your users see as per your requirements. |
||
Provision to customize the Logout Template : You can also re-design the page your users see after logging out. |
||
Provision to customize the Error Template : In case an error occurs while your users are attempting SSO, you can design the error page and message that will be displayed to them. |
Other Features:
Feature | miniOrange SSO plugins | Atlassian SSO2.0 plugin |
---|---|---|
Export Configurations to a file : You can export the plugin’s configuration into a file and keep this file as a back-up in case you ever need to revert any configuration changes or in case of an emergency. |
||
Import plugin configurations - Easy to migrate to a new instance : The configuration file you export can be imported and can be used to migrate or replicate your configuration from one instance to another. |
||
Troubleshooting feature : You will find a detailed set of steps to enable troubleshooting for the plugin in order to debug any issues you might encounter. |
||
Audit Logs : The plugin can maintain a record of all user login related activity, and of any errors that may occur, in an audit log which admins can use to keep an eye on all the login activity in their application. |
||
Remember Login feature : You can choose to persist your user’s application session until they explicitly log out, hence reducing the number of times that they need to perform SSO. |