Configure Okta to customize SAML SSO attributes for Atlassian Cloud

Problem description

The default Atlassian Cloud OIN application available on Okta doesn’t give admins a way to customize the attributes sent on SAML SSO authentications; the only customization available is for SCIM user provisioning.

 

This becomes a problem when customized attributes are used for givenName and surName. Some users go through name changes, and Okta is stuck with their legal name on SAML SSO.

Because SAML SSO takes precedence over SCIM user provisioning on our side, every time the user authenticates, we update their profile and replace the customized name set by SCIM user provisioning with the legal name that Okta sends over SAML SSO.

 

There is a feature request that aims to give precedence to SCIM user provisioning over SAML SSO, but there is no progress on that end. For now, customers need to use the workaround described on this page to complete the task.

 

Important disclaimer

Due to the configuration flow currently adopted by Atlassian, you will need to complete the configuration wizard once to generate your Service provider assertion consumer service URL and Service provider entity URL. In case you don't have these values generated, you will need to complete the wizard with dummy values. 

 

How to send personalized attributes via the custom SAML SSO app

  1. Go to your Okta Admin dashboard and open Applications, then click Create App Integration

  2. Choose SAML 2.0 and click Next

  3. Give the app any name that makes sense to you (for example, Custom SAML SSO Integration - Atlassian Cloud) and continue to the next screen

  4. As the Okta Single sign on URL, use the Atlassian Service provider assertion consumer service URL and select the option Use this for Recipient URL and Destination URL

  5. As the Okta Audience URI (SP Entity ID), use the Atlassian Service provider entity URL

  6. As the Okta Default RelayState, use the Atlassian main hub of services, https://start.atlassian.com

  7. For the option Update application username, choose Create and update

  8. Configure the SAML attributes according to the table below:

image-20230210-143742.png

  9. Leave the Group Attribute Statements (optional) blank

  10. Click Preview SAML to check the configuration

  11. Go to the next screen, choose the option that best fits your use case to complete the app creation, and click Finish

  12. On the page that opens once the app is created, scroll down and click View SAML setup instructions, then follow the tutorial to carry the information over to Atlassian

  13. Click View SAML configuration in your Atlassian organization

  14. Copy the Okta values from the page you opened in step 12 to your Atlassian organization, then click Save

| Okta Field | Atlassian Field |
| --- | --- |
| Identity Provider Single Sign-On URL | Identity provider SSO URL |
| Identity Provider Issuer | Identity Provider Entity ID |
| X.509 Certificate | Public x509 certificate |
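
To check the assertion shown by Preview SAML against the values entered in the steps above, the following added example (not part of the original article, and not Okta or Atlassian tooling) parses a previewed assertion and reports mismatches in Recipient, Audience and the attribute statements. The URLs and the attribute names givenName and surName in the sample are constructed placeholders; substitute your Atlassian Service provider URLs and the attribute names from your own configuration.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

# Constructed sample assertion; every URL, name and value is a placeholder.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID>jane@example.com</saml2:NameID>
    <saml2:SubjectConfirmation>
      <saml2:SubjectConfirmationData Recipient="https://sp.example/acs"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions><saml2:AudienceRestriction>
    <saml2:Audience>https://sp.example/entity</saml2:Audience>
  </saml2:AudienceRestriction></saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="givenName">
      <saml2:AttributeValue>Jane</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="surName">
      <saml2:AttributeValue>Doe</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def check_preview(xml_text, acs_url, entity_url, expected_attrs):
    """Return a list of problems in a previewed assertion (empty means OK)."""
    root = ET.fromstring(xml_text)
    problems = []
    recipients = [e.get("Recipient") for e in root.iter(SAML + "SubjectConfirmationData")]
    if recipients != [acs_url]:
        problems.append(f"Recipient {recipients} != {acs_url}")
    audiences = [(e.text or "").strip() for e in root.iter(SAML + "Audience")]
    if audiences != [entity_url]:
        problems.append(f"Audience {audiences} != {entity_url}")
    # Map each attribute name to its non-empty values.
    attrs = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        attrs[attr.get("Name")] = [v for v in values if v]
    for name in expected_attrs:
        if not attrs.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    # Anything extra (for example a group statement) was not meant to be sent.
    for name in sorted(set(attrs) - set(expected_attrs)):
        problems.append(f"unexpected attribute {name!r}")
    return problems
```

Paste the XML from the preview window into a string and call check_preview with the two Atlassian Service provider URLs and the attribute names you configured; an empty list means the preview matches.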
