Fortifying Access Control: mO SAML SSO & 2FA Integration for Licensed Users & Portal Only Customers

In today's digital landscape, security is paramount. With the ever-increasing threat landscape, organizations need robust solutions to protect their sensitive data and ensure secure access for their users. We offer a powerful combination of plugins that enhance security while simplifying user management. In this article, we explore a compelling use case that leverages our miniOrange SAML and 2FA plugins to fortify security without compromising convenience.

The challenge Organizations face:

Many organizations today rely on Identity Providers (IDPs) to manage their licensed users, providing Single Sign-On (SSO) for seamless access to various applications, including Atlassian's Jira Service Desk. However, a common challenge arises when dealing with external users or portal-only customers who are not part of the IDP ecosystem. These users cannot use SSO, and their credentials are not managed by the IDP, making it challenging to ensure the same level of security for them.

The Solution:

A combination of our miniOrange SAML and 2FA plugins offers a versatile solution to this challenge. Let's break down how this solution works:

SAML Single Sign-On (SSO): SAML (Security Assertion Markup Language) is a widely adopted authentication protocol that allows users to access multiple applications with a single set of credentials. Our SAML plugin enables organizations to integrate their Atlassian applications, such as Jira Service Desk, with their IDP. This means that licensed users can enjoy the convenience of SSO, streamlining their access to Atlassian tools.

2FA for Portal-only customers : For external users or customers who do not have accounts managed by the IDP, our 2FA (Two-Factor Authentication) plugin steps in. It provides an additional layer of security by requiring these users to go through a second authentication step after entering their username and password. This ensures that even if their credentials are compromised, unauthorized access is thwarted.

The plugin provides a flexible setup, allowing you to configure it to skip multi-factor authentication (MFA) challenges for user logins through Single Sign-On (SSO). However, if your Identity Provider (IDP) doesn't support MFA, the plugin enables you to seamlessly invoke MFA for SSO, ensuring security regardless of your IDP's capabilities.

How It Works:

Let's take a closer look at how this SAML + 2FA combination works in practice:

Licensed Users (Managed by IDP): When licensed users attempt to access Atlassian Service Desk, the SAML plugin seamlessly redirects them to the IDP's login page. Once authenticated, they are granted access to the Service Desk without having to enter credentials again.

External Users/Portal-only Customers (Not Managed by IDP): External users, on the other hand, use a separate login mechanism (Local Login). After entering their username and password, they are prompted to complete the 2FA process, adding an extra layer of security. This ensures that even if their credentials are compromised, unauthorized access is prevented.

Benefits:

The SAML + 2FA combination offers several key advantages:

Enhanced Security: By combining SAML SSO with 2FA, organizations can ensure that all users, whether internal or external, enjoy robust security measures, reducing the risk of unauthorized access and data breaches.    

User Convenience: Licensed users benefit from the convenience of SSO, while external users experience a streamlined yet secure login process through Local Login and 2FA.

Administrative Simplicity: Our plugins are easy to configure and manage, providing administrators with the tools they need to maintain control over user access.

In an age where security threats are constantly evolving, it's crucial for organizations to implement robust security measures without creating undue complexity for their users. Our SAML + 2FA plugin combination offers an elegant solution to the challenge of securing both licensed and external users in Atlassian's Service Desk.

By leveraging SAML for licensed users and implementing 2FA for external users, organizations can strike the perfect balance between security and user convenience. Our plugins not only enhance security but also simplify the management of diverse user groups.

If you're looking to fortify your organization's Atlassian applications' security, consider harnessing the power of miniOrange SAML + 2FA plugins. Strengthen your defenses without compromising user experience.

Feel free to reach out to us at atlassiansupport@xecurify.com for a free demo, setup, or any custom use case. We’re happy to help!