Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

AWS Managed AD and Atlassian Access SSO

Edited
David Co
David Co Apr 19, 2022

I have an AWS managed Active Directory and I've setup AWS SSO for it. Now its time to add my SAML 2.0 applications.

We currently use 3 Atlassian products (and we also have Atlassian Access):

  • Bitbucket
  • Confluence
  • Slack

When I search for supported applications in AWS, I can see "Atlassian", "Confluence" and "Slack". What is the difference between "Atlassian" and "Slack" ?
Eg. See below screenshots from AWS Console:
Altassian.pngConfluence.pngSlack.png

Also, my Atlassian users have a different username to those in my active directory. 
If I enable SSO, how will these 2 different user representations be "merged"? 

Eg. in my AWS Managed Active Directory, I have user davidc. In Atlassian I have davico.
These 2 usernames are the same person. 

How will SSO resolve these 2 users ? And which credentials will users use to login?

What happens to the existing MFA settings I have configured for my Atlassian products?

Last, I have IP whitelisting enabled. Will this affect my IP whitelisting in any way ? 

 

 

Answer
Watch
Like Be the first to like this
539 views

1 answer

1 accepted

2 votes
Answer accepted
Ed Letifov _TechTime - New Zealand_
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
Apr 20, 2022

Hello, @David Co 

Slack is cloud-based service completely different from anything Atlassian-related.

"Atlassian" application in AWS directory most likely refers to Atlassian Cloud, which includes Confluence (as well as Jira). In Cloud you don't SSO into Confluence or Jira, you SSO into the whole Atlassian Cloud.

"Confluence" might be referring to Confluence Server or Data Center – an on-premises installation of Confluence.

Since you mentioned a username "in Atlassian" it sounds like you are using an on-premises product (since in Cloud everything is linked to an email).

"Bitbucket" (assuming there is one) may refer to either Bitbucket Server or Bitbucket Cloud (which is unfortunately is still separate login-UX-wise to Atlassian Cloud) – so choose the one you need.

If you are in Cloud – you will have to setup 3 SSO connectors: for Atlassian Cloud (to gain SSO into Confluence), for Bitbucket, and for Slack.

If you are on the Server/DC – you will have to setup 3 SSO connectors: for Confluence, for Bitbucket Server/DC, and for Slack.

Normally, SSO apps are really bad in aliasing/re-mapping usernames.

If you are in the Cloud – when configuring SAML (on AWS) you can actually specify what attribute to use as the username, you should pass the email address in this case. This should apply to the Slack connection (as it uses an email).

If your Atlassian products are on the Server – you should just rename the usernames in Confluence and Bitbucket. Both products support this ability. If you have many users to rename – this can be done in bulk with a ScriptRunner script. Reach out to our 24x7 support (I am from TechTime – a Platinum Atlassian Solution Partner in Aotearoa – New Zealand) and we should be able to provide these scripts.

View More Comments
David Co
David Co Apr 20, 2022

Many thanks @Ed Letifov _TechTime - New Zealand_. So I just confirmed I am running Atlassian Cloud. I mentioned username since in Atlassian this was different to my Active Directory and was worried this would cause some kind've mismatch or duplicates. And to confirm, I am entirely cloud based. 

There doesn't seem to be a "Bitbucket" in AWS SSO - so I may need to set this up as a custom SAML 2.0 application. 

Thanks for confirming my understanding. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events