AWS Managed AD and Atlassian Access SSO


I have an AWS managed Active Directory and I've set up AWS SSO for it. Now it's time to add my SAML 2.0 applications.

We currently use 3 Atlassian products (and we also have Atlassian Access):

  • Bitbucket
  • Confluence
  • Slack

When I search for supported applications in AWS, I can see "Atlassian", "Confluence" and "Slack". What is the difference between "Atlassian" and "Slack"?
E.g. see the screenshots below from the AWS Console:
[Screenshots: Altassian.png, Confluence.png, Slack.png]

Also, my Atlassian users have a different username to those in my active directory. 
If I enable SSO, how will these 2 different user representations be "merged"? 

E.g. in my AWS Managed Active Directory, I have user davidc. In Atlassian I have davico.
These 2 usernames are the same person.

How will SSO resolve these 2 users? And which credentials will users use to log in?

What happens to the existing MFA settings I have configured for my Atlassian products?

Last, I have IP whitelisting enabled. Will this affect my IP whitelisting in any way?

 

 

1 answer

1 accepted

2 votes
Answer accepted

Hello, @David Co 

Slack is a cloud-based service completely different from anything Atlassian-related.

"Atlassian" application in AWS directory most likely refers to Atlassian Cloud, which includes Confluence (as well as Jira). In Cloud you don't SSO into Confluence or Jira, you SSO into the whole Atlassian Cloud.

"Confluence" might be referring to Confluence Server or Data Center – an on-premises installation of Confluence.

Since you mentioned a username "in Atlassian" it sounds like you are using an on-premises product (since in Cloud everything is linked to an email).

"Bitbucket" (assuming there is one) may refer to either Bitbucket Server or Bitbucket Cloud (which unfortunately is still separate login-UX-wise from Atlassian Cloud) – so choose the one you need.

If you are in Cloud – you will have to set up 3 SSO connectors: for Atlassian Cloud (to gain SSO into Confluence), for Bitbucket, and for Slack.

If you are on the Server/DC – you will have to set up 3 SSO connectors: for Confluence, for Bitbucket Server/DC, and for Slack.

Normally, SSO apps are really bad at aliasing/re-mapping usernames.

If you are in the Cloud – when configuring SAML (on AWS) you can actually specify what attribute to use as the username; you should pass the email address in this case. This should apply to the Slack connection (as it uses an email).

If your Atlassian products are on the Server – you should just rename the usernames in Confluence and Bitbucket. Both products support this ability. If you have many users to rename – this can be done in bulk with a ScriptRunner script. Reach out to our 24x7 support (I am from TechTime – a Platinum Atlassian Solution Partner in Aotearoa – New Zealand) and we should be able to provide these scripts.

Many thanks @Ed Letifov _TechTime - New Zealand_. So I just confirmed I am running Atlassian Cloud. I mentioned username since in Atlassian this was different to my Active Directory and was worried this would cause some kind of mismatch or duplicates. And to confirm, I am entirely cloud based.

There doesn't seem to be a "Bitbucket" in AWS SSO - so I may need to set this up as a custom SAML 2.0 application. 

Thanks for confirming my understanding. 
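The accepted answer's advice for Atlassian Cloud (pass the email address as the SAML username, so that the AD account davidc lines up with the existing Atlassian account) can be checked before rollout. The following is an added example, not part of the original thread: the example.com addresses, the account list and the function names are assumptions, and it only inspects the NameID of a constructed, unsigned assertion.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: emails of accounts that already exist on the service side.
ATLASSIAN_EMAILS = {"david.co@example.com", "jane.doe@example.com"}


def make_assertion(name_id, fmt):
    """Build a minimal, unsigned assertion for testing (constructed input)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID>'
        "</saml:Subject></saml:Assertion>"
    )


def check_name_id(assertion_xml, known_emails):
    """Return a list of problems with the subject the IdP would send.

    Only for assertions you generated or captured yourself during setup;
    it does not verify signatures and is not a login-time validator.
    """
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return ["assertion has no NameID"]
    value = node.text.strip()
    problems = []
    if node.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {node.get('Format')!r}, not emailAddress")
    if "@" not in value:
        # Typical symptom of mapping the directory username instead of mail.
        problems.append(f"NameID {value!r} is not an email address")
    elif value.lower() not in {e.lower() for e in known_emails}:
        problems.append(f"NameID {value!r} matches no existing account email")
    return problems


if __name__ == "__main__":
    for nid, fmt in [("david.co@example.com", EMAIL_FORMAT),
                     ("davidc", UNSPECIFIED_FORMAT),
                     ("d.co@example.com", EMAIL_FORMAT)]:
        print(nid, "->", check_name_id(make_assertion(nid, fmt), ATLASSIAN_EMAILS) or "OK")
```
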
