Atlassian SAML SSO
SSO and Git Authentication simplify the login experience.
100%
Secure Authentication
54+
Integrated Add-Ons
The Challenge
1. Login users with domain names.
2. Git Login for External AD Users.
Canon Inc. is a Japanese multinational corporation headquartered in Ōta, Tokyo, Japan, specializing in optical, imaging, and industrial products, such as lenses, cameras, medical equipment, scanners, printers, and semiconductor manufacturing equipment.
Canon leverages multiple Atlassian applications to enhance software development, project management, collaboration, and code quality. To ensure a seamless user experience, they approached us with the above requirements.
Use case 1: Manage users based on domains.
User identities are stored in multiple Identity Providers, and all these users want to login into Jira, Confluence, and Bitbucket applications. Each of the Identity Providers has a specific user domain. They wanted a hassle-free login where users do not need to select options during login.
Solutions we provided to Canon
SAML SSO
Generally, we provide SSO buttons on the login page if multiple Identity Providers are configured for SSO in the miniOrange plugin. Any user can click on the SSO button and get authenticated against Identity Providers and access Jira or Confluence applications. But in Canon's case, this approach wouldn't be suitable. So we designed a custom login form where users can enter their email address and implemented a way to check domains in the backend and then get users redirected to the appropriate IDP for authentication. So the users do not have to use the IDP selection for login.
Key Benefits
- Easy to Configure: You just need to add domain names against configured IDPs and you are good to go.
- Smooth User Experience: Users don't have to choose the SSO button during login. Instead, they only need to enter their email address on a custom login screen and they will automatically get redirected to the respective IDP login page for authentication. It completely removes the IDP selection while login and makes the user experience hassle-free.
- Improves Security: The login page will be accessible to system admins only which exists only in the internal directory of the Jira andConfluence applications, hence increasing overall security.
Use case 2: Git Login for External AD user.
Users are synced from the External AD directory into Bitbucket for Authentication. They're looking for a way to help developers get authenticated to perform the git operations like push and pull into Bitbucket Repositories using the AD credentials.
Solution: miniOrange Git Authentication feature
Git Authentication
We suggested the Git Authentication feature as a solution. This feature is implemented in the SAML SSO add-on to make its setup easy. This solution helped their users get authenticated from the synced External AD to perform Git operations. Whenever a user tries to perform a Git operation, a pop-up is shown to enter their credentials on any git client application. These credentials are submitted to Bitbucket for user verification and to perform the requested operation. The part of user verification is handled by miniOrange git authentication. Firstly the credentials are verified with the IDP if the user is not present in the IDP, then the plugin verifies if these credentials are valid for any Bitbucket directory user. If the user is invalid then the flow is aborted, else the flow is handed over to Bitbucket to complete the requested operation.
Key Benefits
- Easy to Setup: Minimal IDP configurations for Git Login and users are ready to practice Git authentication.
- Ease Of Access: Users can use any set of login, either IDP credentials or Bitbucket credentials for Git Authentication. Also, this helps to avoid the complexities of the SSH key.
- Git Authentication for All: Any user can perform Git Login stored in an internal directory or external directory. miniOrange Git Authentication plugin takes care of the authentication part so well.
In summary, miniOrange provided Canon Inc. with tailored solutions for seamless SSO and Git authentication, enhancing user experience, simplifying access, and improving security across their Atlassian applications.
