I have an AWS managed Active Directory and I've set up AWS SSO for it. Now it's time to add my SAML 2.0 applications.
We currently use 3 Atlassian products (and we also have Atlassian Access):
When I search for supported applications in AWS, I can see "Atlassian", "Confluence" and "Slack". What is the difference between "Atlassian" and "Slack"?
E.g., see the screenshots below from the AWS Console:
Also, my Atlassian users have a different username to those in my active directory.
If I enable SSO, how will these 2 different user representations be "merged"?
E.g., in my AWS Managed Active Directory, I have user davidc. In Atlassian I have davico.
These 2 usernames are the same person.
How will SSO resolve these 2 users? And which credentials will users use to log in?
What happens to the existing MFA settings I have configured for my Atlassian products?
Last, I have IP whitelisting enabled. Will this affect my IP whitelisting in any way?
Hello, @David Co
Slack is a cloud-based service completely different from anything Atlassian-related.
The "Atlassian" application in the AWS directory most likely refers to Atlassian Cloud, which includes Confluence (as well as Jira). In Cloud you don't SSO into Confluence or Jira, you SSO into the whole Atlassian Cloud.
"Confluence" might be referring to Confluence Server or Data Center – an on-premises installation of Confluence.
Since you mentioned a username "in Atlassian" it sounds like you are using an on-premises product (since in Cloud everything is linked to an email).
"Bitbucket" (assuming there is one) may refer to either Bitbucket Server or Bitbucket Cloud (which unfortunately is still separate login-UX-wise from Atlassian Cloud) – so choose the one you need.
If you are in Cloud – you will have to set up 3 SSO connectors: for Atlassian Cloud (to gain SSO into Confluence), for Bitbucket, and for Slack.
If you are on the Server/DC – you will have to set up 3 SSO connectors: for Confluence, for Bitbucket Server/DC, and for Slack.
Normally, SSO apps are really bad at aliasing/re-mapping usernames.
If you are in the Cloud – when configuring SAML (on AWS) you can actually specify what attribute to use as the username; you should pass the email address in this case. This should apply to the Slack connection (as it uses an email).
If your Atlassian products are on the Server – you should just rename the usernames in Confluence and Bitbucket. Both products support this ability. If you have many users to rename – this can be done in bulk with a ScriptRunner script. Reach out to our 24x7 support (I am from TechTime – a Platinum Atlassian Solution Partner in Aotearoa – New Zealand) and we should be able to provide these scripts.
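A pre-flight check for the email-as-username mapping described in the answer above, as an added example that is not part of the original thread: it compares a directory export with an Atlassian user export by email and groups the accounts that will and will not line up. The CSV column names, the sample rows and the case-insensitive comparison are assumptions.

```python
import csv
import io

# Constructed sample exports (not real data). Column names are assumptions.
DIRECTORY_CSV = """username,mail
davidc,David.Co@example.com
janed,jane.doe@example.com
svc-build,
"""
ATLASSIAN_CSV = """atlassian_name,email
davico,david.co@example.com
jsmith,j.smith@example.com
"""


def _norm(email):
    # Assumption: addresses are compared case-insensitively, ignoring padding.
    return (email or "").strip().lower()


def reconcile(directory_csv, atlassian_csv):
    """Group accounts by whether an email-valued username would line them up."""
    directory, no_email = {}, []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        mail = _norm(row["mail"])
        if mail:
            directory[mail] = row["username"]
        else:
            no_email.append(row["username"])  # nothing to send as the username
    atlassian = {_norm(r["email"]): r["atlassian_name"]
                 for r in csv.DictReader(io.StringIO(atlassian_csv))}
    both = directory.keys() & atlassian.keys()
    return {
        "matched": sorted((directory[e], atlassian[e], e) for e in both),
        "directory_only": sorted((directory[e], e) for e in directory.keys() - both),
        "atlassian_only": sorted((atlassian[e], e) for e in atlassian.keys() - both),
        "no_email": sorted(no_email),
    }


if __name__ == "__main__":
    for group, rows in reconcile(DIRECTORY_CSV, ATLASSIAN_CSV).items():
        print(group, rows)
```

Accounts that land in `directory_only`, `atlassian_only` or `no_email` are the ones to review before SSO is switched on.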
Many thanks @Ed Letifov _TechTime - New Zealand_. So I just confirmed I am running Atlassian Cloud. I mentioned username since in Atlassian this was different to my Active Directory and was worried this would cause some kind of mismatch or duplicates. And to confirm, I am entirely cloud based.
There doesn't seem to be a "Bitbucket" in AWS SSO - so I may need to set this up as a custom SAML 2.0 application.
Thanks for confirming my understanding.