Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

login methods allowed/not allowed based on group membership

Jakob KN
Jakob KN
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 30, 2023

Hi folks! 

I'm trying to add Google SSO to our Jira (and Confluence for that matter) instance. 
Adding SSO as an available authentication method isn't an issue in itself, but we want only a specific group of users to be able to log in with basic authentication. 

To describe the use case, the majority of our users (group: jira-users) are employees of our company and have a company Gmail account, and we then have some externals such as freelancers (group: externals) who does not have a company Gmail account.

The users in "jira-users" should be required to use SSO, and not be able to use the basic authentication option. 

The users in "externals" won't be able to use SSO, but should instead be able to log in with basic authentication. 

I'm aware that both login options will be shown on the login screen, since the person viewing it isn't authenticated yet. But i guess there's not much to be done about that, apart from adding a info-banner instructing who should use SSO/basic auth.

How is this achievable in Jira (and confluence, if you know this as well).

Thanks in advance

Confluence DC version: 7.19.10
Jira DC version: 9.4.6

Answer
Watch
Like itop likes this
465 views

2 answers

1 accepted

0 votes
Answer accepted
Jakob KN
Jakob KN
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 19, 2024

For anyone who might stumble on this post, I'll provide some follow-up info.

We ended up implementing the SSO add-on from MiniOrange.
With this add-on, you can specify that specific groups should use SSO login, and other groups should use basic authentication.
And, if you have several IDPs, the group-based settings can also be used to determine which SSO IDP the members of a group will be using.  

Atlassian's own SSO options (including crowd) was lacking quite a few needed configuration options, which were present in the MiniOrange plugin. 
 Additionally, when using Atlassian's SSO option and Crowd we had lots of issues with using Google as IDP and having 2FA enabled.
Which was also easily resolved with the mentioned add-on.

Reply
0 votes
itop
itop
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 17, 2024

I wish there is a way for this we need to do the same thing

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
VERSION
9.4.6
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security