SSO That Adapts to You - Connect Any SAML 2.0 IDP

Hello folks,

In the last article, we talked about how  miniOrange SAML SSO + User & Group Sync (SCIM) together create a complete identity lifecycle for your Atlassian applications.

Today, let’s shift gears and look at another capability teams often overlook - but absolutely love once they start using it:

Multi-Identity Provider (Multi-IdP) Support.
Because in a world where businesses run on hybrid environments, mergers, acquisitions, and distributed teams…your authentication shouldn’t be limited to just one provider.

Multi-IdP gives you flexibility, control, and the freedom to authenticate users from anywhere - all within the same Atlassian setup.

 

🔐 What Is Multi-IdP Support?

Think of it as multiple doors leading to the same secure workspace.

With Multi-IdP Support, your Jira, Confluence, or Bitbucket can connect to more than one SAML 2.0 Identity Provider at the same time - without disrupting the login experience.

Maybe your engineering team uses Azure AD…
your contractors use Okta…
your legacy systems rely on ADFS…
and your partners authenticate with Google Workspace.

No problem.

Your Atlassian instance accepts them all - smoothly, securely, instantly.

Here’s what it looks like:

• A user hits the login page
  
  
• The plugin identifies their domain or rule
  
  
• They get routed to the correct Identity Provider
  
  
• SSO works as usual - without confusion or conflict
  
  

Different teams, same Atlassian platform. One seamless login.

 

🧩 Works with Any SAML 2.0 Identity Provider

Whether you're using a popular enterprise IdP or something completely custom - Multi-IdP handles it effortlessly.

Supported IdPs include:

• Okta
  
  
• miniOrange
  
  
• Azure AD
  
  
• Google Workspace
  
  
• Ping Identity
  
  
• OneLogin
  
  
• Keycloak
  
  
• AWS
  
  
• ADFS
  
  
• and any custom SAML 2.0 provider you have in your environment
  
  

If it speaks SAML - we support it.

That’s the beauty of open standards done right.

 

⚡ Why Teams Choose Multi-IdP

• ✅ One Atlassian Instance, Many User Sources - Different subsidiaries, partners, or regions can all authenticate using their own trusted IdP.
  
  

• 🎯 Domain-Based Routing - Login flow is smart, users are automatically directed to the right IdP based on email domain or custom rules.
  
  
• 🔐 Zero Friction Login - No confusing dropdowns. No manual selection. Just direct, automatic SSO.
  
  
• 🔄 Smooth Transition During Mergers or Migration - Moving from ADFS to Azure AD? Testing Okta alongside Google Workspace? Multi-IdP makes it painless - old and new systems can run in parallel.
  
  
• 🛡️ Strong, Consistent Security - Regardless of the IdP, your Atlassian SSO follows the same secure SAML flow - with signed requests, encryption, and centralized control.
  
  

It’s flexible without compromise.

🏗️ How Secure (and Smart) Is It?

Every login is evaluated using intelligent routing, ensuring the right IdP is used every single time - without exposing users to confusing flows.

And with the miniOrange SAML SSO + User & Group Sync (SCIM) you get powerful supporting features:

• 🌐 Advanced Login Rules → Route by domain, regex, user directory, or custom conditions
  
  
• 🔒 Signed & Encrypted Assertions → Maximum integrity and confidentiality
  
  
• 🔄 Certificate Management → Smooth certificate rollover for every connected IdP
  
  
• 📁 Separate Mappings per IdP → User attributes and groups mapped uniquely per provider
  
  
• 🚨 Fail-Safe Access → Emergency login URL in case an IdP goes down

It’s smart SSO infrastructure that adapts to complex organizations - not the other way around.

Setting up Multi-IdP Support with miniOrange is simple and scalable:

• Add as many SAML IdPs as you need
  
  
• Configure login rules for each user segment
  
  
• Map attributes and groups uniquely per IdP
  
  
• Apply consistent security policies across all providers
  
  

All managed from one clean, powerful dashboard.

One plugin. Unlimited identity flexibility.

 

💡 What’s Next in the SAML Series?

Up next: Just in Time Provisioning - automatically creating and updating user accounts the moment they first log in via SSO, ensuring they get the right access instantly.

Because in today’s interconnected world, access shouldn’t be limited.
It should be empowered. 🔐

If you have any questions or want to see the plugin in action, reach out to us at atlassiansupport@xecurify.com