Log into Atlassian Cloud using External OAuth/OIDC Provider

Atlassian Cloud has become very popular in the last couple of years. It offers very competitive pricing, especially for small user tiers. To see whether Atlassian Cloud is a good option for you, check out our article "Atlassian's Server License Discontinuation: What are your options?"

 

Atlassian Cloud has many products; one of them is Atlassian Access, which provides centralized security and governance across your organization. Atlassian Access includes security controls such as SAML Single Sign-On (SSO), User Lifecycle Management, Active Directory Sync, and many more.

 

Single Sign-On with Atlassian Access lets users authenticate to Atlassian Cloud products through your existing SAML Identity Provider. SAML SSO gives employees a simple process for accessing the tools they use and lets admins enforce identity-related security controls at scale, making it far easier to secure large groups of users. But what if your users live in an OAuth or OpenID Connect (OIDC) provider instead? Will it still work? How can Atlassian Cloud's SAML SSO module be connected to an OAuth/OIDC provider? Is it even possible?

Yes! It is possible with the miniOrange Identity Brokering Service.

 

miniOrange Identity Broker Service -

Identity brokering is a way to establish trust between two applications that do not speak the same protocol, such as Atlassian Access (SAML) and an OAuth/OIDC provider, and to help them understand each other's requests and responses. Applications that cannot talk to each other directly because they use different protocols are known as cross-protocol applications.

 

miniOrange Identity Brokering lets you connect such cross-protocol applications. It acts as a bridge between them, translating the requests and responses of one protocol into the other, much like a language translator who understands one language and renders it in another.

 

Using miniOrange Identity Broker Service, you can also connect multiple Providers or add user directories. You can also secure your Atlassian Cloud login by enabling Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA) in the miniOrange.

[Figure: miniOrange Identity Broker flow]

On the miniOrange side, you must configure 

  1. Atlassian Access SAML Application as a Service Provider and miniOrange as an Identity Provider 
  2. OAuth or OIDC Provider as an Identity Source in miniOrange where miniOrange is the OAuth Client

Once the connection is successful, you are good to go. You can refer to this document for end-to-end setup.
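As an added illustration of the brokering flow described above (example code written for this article, not miniOrange's code or any real API), the following Python model shows the checks a broker has to make at each hop: it accepts the SP's SAML AuthnRequest, issues an OIDC authorization request bound to that request by a fresh state and nonce, and on the OIDC callback validates the ID token before answering the original SAML request. All names, URLs and claim values are constructed; XML signing and JWT signature verification are left out to keep the protocol binding visible.

```python
import secrets
import time


class IdentityBroker:
    """Models the broker between a SAML SP and an OIDC provider (constructed example).
    Inbound: the SP's SAML AuthnRequest. Outbound: an OIDC authorization request.
    On the OIDC callback the ID token is checked and the original SAML request answered."""

    MAX_LOGIN_SECONDS = 300  # pending SAML request expires if the OIDC leg takes too long

    def __init__(self, oidc_issuer, client_id, sp_entity_id):
        self.oidc_issuer = oidc_issuer      # the upstream OAuth/OIDC provider
        self.client_id = client_id          # broker's client_id at that provider
        self.sp_entity_id = sp_entity_id    # the one SAML SP allowed to use this broker
        self.pending = {}                   # OIDC state -> SAML request it was minted for

    def on_saml_authn_request(self, authn_request, relay_state, now=None):
        """SAML leg in: bind a fresh OIDC state/nonce to this AuthnRequest."""
        if authn_request["issuer"] != self.sp_entity_id:
            raise ValueError("AuthnRequest from an unregistered SP")
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.pending[state] = {"request_id": authn_request["id"], "acs_url": authn_request["acs_url"],
                               "relay_state": relay_state, "nonce": nonce, "created": now or time.time()}
        return {"response_type": "code", "client_id": self.client_id, "scope": "openid email",
                "state": state, "nonce": nonce}

    def on_oidc_callback(self, state, id_token_claims, now=None):
        """OIDC leg back: validate the ID token, then answer the SAML request it belongs to."""
        now = now or time.time()
        pending = self.pending.pop(state, None)   # single use: a replayed state finds nothing
        if pending is None:
            raise ValueError("unknown or replayed state")
        if now - pending["created"] > self.MAX_LOGIN_SECONDS:
            raise ValueError("SAML request expired before OIDC login completed")
        if id_token_claims.get("iss") != self.oidc_issuer:
            raise ValueError("ID token from wrong issuer")
        if id_token_claims.get("aud") != self.client_id:
            raise ValueError("ID token not issued to this broker")
        if id_token_claims.get("nonce") != pending["nonce"]:
            raise ValueError("nonce mismatch: token not minted for this login")
        if id_token_claims.get("exp", 0) <= now:
            raise ValueError("ID token expired")
        # The SAML Response is tied back to the original request and the SP's ACS URL.
        return {"in_response_to": pending["request_id"], "destination": pending["acs_url"],
                "audience": self.sp_entity_id, "relay_state": pending["relay_state"],
                "name_id": id_token_claims["email"]}
```

The state/nonce binding and the single-use lookup are what keep the two protocol legs from being spliced together by anyone other than the user who started the login.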

 

With this solution, you do not need to store users in miniOrange. The login experience is seamless: the user moves from Atlassian Cloud straight to your OAuth provider while miniOrange runs in the background. They see no miniOrange page or login screen in between, so the integration is invisible to them. This matches the experience users have when Atlassian Access is connected directly to a SAML Identity Provider.


 

What do you think about this solution? Would it be helpful for Cloud users who need to authenticate through an external OAuth provider? Drop us a mail at info@xecurify.com or raise a ticket here to talk to us.
