Setting up SAML SSO with JumpCloud

This article is a basic walkthrough to help you set up your first SAML Single sign-on configuration if you haven't yet configured one on Atlassian Cloud. I'll be using JumpCloud, which is free for up to 10 users, and an identity provider different from the ones you will find at the Atlassian documentation today.

Even though Atlassian has made the SAML SSO configuration process relatively straightforward, there are a few pre-requisites you need to address beforehand:

• Create a new Atlassian site - or use your existing one
• Verify your domain
• Subscribe to Atlassian Access
• Sign up for your JumpCloud free account

The following steps were based on the JumpCloud knowledge base documentation that can be found at Single Sign-On (SSO) with Atlassian Cloud. I will be including additional screenshots and details that may help you during your configuration.

Step 1 - Configuring the Atlassian Cloud app on JumpCloud

• Log in to JumpCloud as administrator.
• Go to SSO.
• Click ( + ), then search for Atlassian Cloud and click configure.

• In General Info, enter Display Label.

• In IdP Entity ID, replace YOURDOMAIN with your domain. In this case, it is the domain that you have verified. For example, if you have verified myverifieddomain.com, your IdP Entity ID would be https://myverifieddomain.com.

• For Default RelayState, inform your Atlassian site.

• For the IDP URL, I used my Atlassian site name. For example, if your site is https://mysite.atlassian.net, your IDP URL could be https://sso.jumpcloud.com/saml2/mysite.

• Select Activate and confirm your new SSO connector instance.

Step 2 - Adding a SAML configuring the Atlassian Cloud

• Copy IdP Entity ID (JumpCloud) to Identity provider Entity ID (Atlassian Cloud).
• Copy IDP URL (JumpCloud) to Identity provider SSO URL (Atlassian Cloud).
• Download the certificate (JumpCloud) and copy the contents of the certificate to the Public x509 certificate (Atlassian Cloud).
• Save configuration.

Step 3 - Finish configuring JumpCloud SSO

• Copy SP Entity ID (Atlassian Cloud) to SP Entity ID (JumpCloud).
• Copy SP Assertion Consumer Service URL (Atlassian Cloud) to ACS URL (JumpCloud).

• Authorize user access. There are other options to make this change on JumpCloud. In this example, you can assign a user to a group. In the User Groups tab, select the groups you are authorizing users to access the Atlassian Cloud application.

Step 4 - Test your SSO configuration

You can initiate the SSO authentication from your Idp by accessing the JumpCloud User Console or navigating your Atlassian Cloud site URL.

Initiate from JumpCloud

• Access the JumpCloud User Console at https://console.jumpcloud.com.
• Select the Atlassian Cloud app.
• It will automatically launch and login to Atlassian Cloud.

Initiate from your Atlassian Cloud

• Navigate to your Atlassian Cloud site.
• Enter your email address.
• You will be redirected to log in to the JumpCloud User Portal.
• The browser will be redirected back to the application and be automatically logged in.

Server to Cloud Migrations

If you happen to have started your journey to the cloud, check these couple of links that might help you with the Atlassian Acess assessment process.

• Assessing Atlassian Access for Server to Cloud Migrators
• Atlassian Access and cloud migrations

Additional References

Before you go, take a look at some additional resources to explore and learn more about what you can do with Atlassian Access and other features available under the organization's security.

• User provisioning
• Password policies
• Authentication policies
• Specify how users get site access
• Atlassian Access security policies and features
• Enforced two-step verification
• Follow cloud security best practices

I'm sure there is much more to share about that here. So, feel free to chime in with your thoughts and additional information!