Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


SAML SSO vs Third Party App

Kishan Sharma
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Aug 13, 2021

Starting a discussion thread to see how people are using SAML SSO -

  • Are there any benefits of using third party app over SAML SSO provided by Atlassian. 
  • Are you using SAML Single Sign On in your Data Center product or using any third party app for it?
  • What do you prefer and why ? 


Capi _resolution_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Aug 19, 2021

Interesting discussion, @Kishan Sharma! It'd be really nice to get some first-hand experiences from Data Center customers on this matter.

Our experience in resolution as the marketplace partners behind the most sold SAML SSO plugin for Jira, Confluence, Bitbucket etc. is that most of our Server customers are sticking to our product as they transition to Data Center. There are multiple reasons for this and it’s never easy to generalize. But let me give some pointers to start the discussion. We’ve recently published an article with Frequently Asked Questions gathered in partner and customer trainings on the comparison between our SAML SSO plugin and Atlassian’s.

Often times, it’s simply a matter of trust and efficiency. Customers have interacted with us in support calls, know what the product can do, and don’t want to go through the pain of replacing it, even if they could potentially save a couple thousand dollars. For a big corporation, a small saving like that can be of little value, and even procurement folks are starting to accept that as part of their vision.

Very frequently, customers don’t really have much of a choice. — They have very specific requirements in their configuration, and they know that the Data Center SAML SSO can’t accommodate them. These can be related with security, with matching their existing identity infrastructure, or with customizations that are required in order to make Atlassian applications work as expected. For example, they may need to synchronize information about who is the supervisor of each user from the Identity Provider to have a proper validation process in place.  

SAML SSO is not only about having a single, secure password to authenticate across applications. It’s also about putting in place robust user management processes that rely as much as possible in automation and deflect manual work. Our plugin becomes irreplaceable when you start looking at the entire user lifecycle (as opposed to simply provisioning users). Want to design a simple process to deactivate inactive users? Don’t look at Data Center.

Of course, sometimes the customer is happy with a simple SAML SSO implementation, and in those cases, the Atlassian native version works out of the box and we lose. But those simple implementations are relatively rare in the Data Center world, where we’re looking at thousands of users and complex architectures.

That’s my two cents, I’m looking forward to more personal, individual use cases! By the way, this might be an interesting discussion for the Enterprise group!

Like Kishan Sharma likes this
Kishan Sharma
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Aug 19, 2021

Thank you @Capi _resolution_ for your response, some interesting points there.

Small/Large organizations can both benefit from a third party plugin if they don't want to take overhead of setting up identity infrastructure and configuration part themselves.

A plugin is obvious choice if there are certain requirements that cannot be accommodated by the Data Center SAML SSO. And having complete user management lifecycle in place comes in very handy for managing new joiners/leavers etc. which otherwise could be a manual and time consuming process in some cases.

The Atlassian native SAML SSO is relatively easy to setup/implement and most customers are happy using it depending on their requirements.

You are right, I should post something similar in Enterprise Group as well :)

Hi, we are in the process of switching from Jira LDAP with Microsoft ADFS to Jira SSO with Azure AD and wanted to use the out of the box SAML SSO provided by Atlassian. 

Initial testing shows a rather large shortcoming for us, for anyone probably, that is the fact that names of users and groups are not returned, but rather IDs and this is not useful for us.

We are currently evaluating third party add-on "User Sync for Jira" from vendor re:solution, because the vendor has the highest ratings and most downloads for their products and it seems to be doing the job for us. We are still evaluating how to deal with 'service accounts' we inherit from LDAP and how to do this with the new setup and I had some weird experience where I was kicked out of the sys-admin group and had to request another sys-admin to add me back; possible related to logging in sometimes via SSO and other times with LDAP still as we have them next to each other.

We also have to check and see if we can disable or hide LDAP login completely and we use the Atlassian SSO together with re:solution's User Sync so we are not completely dependent on a third party solution.

So we have our users login via SSO from Atlassian's SAML SSO and we enrich the user and group data with re:solution's add-on. Does that make sense?

So yes there are benefits to using a third party add-on and yes we prefer to do that because of the additional features which we really require for our setup.

On a side-note I have worked with the Insight Azure module to import users and groups from Azure AD as well and this works nicely.

I was able to set up a periodic import from our Azure AD and this way we can retrieve additional information about our users (such as location, department, manager, etc), but I am still unable to apply this in the way I would like: I was hoping to enrich the user fields (mainly reporter and assignee) to show a hover-over panel with additional details like we do now with the User Profiles add-on from Communardo Products GmbH. I'm still reading up on Inisght's possibilities but so far don't see how this can be used in a way that will help us much. Tips are appreciated for this by the way ;)



Log in or Sign up to comment
AUG Leaders

Atlassian Community Events