Earn badges and make progress
You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Participate in fun challenges
Challenges come and go, but your rewards stay with you. Do more to earn more!
Gift kudos to your peers
What goes around comes around! Share the love by gifting kudos to your peers.
Rise up in the ranks
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Come for the products,
stay for the community
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
Configure Okta to customize SAML SSO attributes for Atlassian Cloud
Problem description
The Default Atlassian Cloud OIN application available on Okta doesn’t provide admins a way to customize the attributes sent on SAML SSO authentications, the only customization available is for SCIM user provisioning.
This becomes a problem when customized attributes are used on givenName and surName. Some users go through name changes, and Okta is stuck to their legal name on SAML SSO.
Due to our precedence for SAML SSO over SCIM user provisioning, every time the user authenticates, we update their profile and replace their customized name set by SCIM user provisioning to Okta’s legal name that SAML SSO sees.
There is a feature request that aims to give precedence to SCIM user provisioning over SAML SSO, but there is no progress on that end. For now, customers need to use a workaround described on this page to complete the task.
How to send personalized attributes via the custom SAML SSO app
-
Go to your Okta Admin dashboard and open Applications, then hit Create App Integration
-
Choose SAML 2.0 and click next
-
Give the app any name that makes sense to you (that is, Custom SAML SSO Integration - Atlassian Cloud) and continue to the next screen
-
As Okta Single sign on URL, use Atlassian SP Assertion Consumer Service URL and mark the option Use this for Recipient URL and Destination URL
-
As Okta Audience URI (SP Entity ID) uses Atlassian Service provider assertion consumer service URL
-
As Okta Default RelayState uses Atlassian main hub of services, https://start.atlassian.com
-
For the option Update application username, choose Create and update
-
You now need to configure the SAML attributes according to the below table:
|
Name |
Name format |
Value |
|---|---|---|
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname |
Unspecified |
user.firstName |
|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname |
Unspecified |
user.lastName |
|
Unspecified |
user.id |
-
For the Group Attribute Statements (optional), please leave them blank
-
And then you can click on preview SAML to check the configuration
-
Go to the next screen and choose the option that better fits your use case to complete the app creation and click finish
-
On the page that will open to you upon completion of the app, scroll down and click on View SAML setup instructions, then follow the tutorial to carry the information to Atlassian
-
Click on View SAML configuration at your Atlassian organization
-
Copy the Okta values from the page you opened by following step 12 to your atlassian organization; after that, click Save
|
Okta Field |
Atlassian Field |
|---|---|
|
Identity Provider Single Sign-On URL |
Identity provider SSO URL |
|
Identity Provider Issuer |
Identity Provider Entity ID |
|
X.509 Certificate |
Public x509 certificat |
Was this helpful?
Thanks!
Fernando S
0 comments