Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

[Atlassian access] OKTA SSO only on a subset of users

Hi everybody, 

I have searched a lot for this topic, but I could not find a good answer anywhere.

I have an Atlassian Jira Cloud environment and now every user is created in Jira and access using email and password.

I am investigating the Atlassian Access package, considering to implement SSO with OKTA and/or enforce 2FA, (I am not planning to provision users via OKTA).

Question: is it possible to enable SSO only for a subset of users(e.g. internal users), and have other users access with username and password?

 

Thank you very much

Have a nice day,

Luca

 

 

1 answer

1 accepted

1 vote
Answer accepted

Hi Luca, 

Thanks for using Atlassian Community.  

For a short answer, you can only enable SSO via Okta to the internal users in your Jira site. When you integrate with Okta, the 2FA feature on Okta side will be used. 

To give more context on that :

Atlassian cloud uses a centralized identity service in https://id.atlassian.com. Here, an end user will have a single account identified by a unique email address. That account is the user's online identity and access into different cloud sites are granted on that account. 

On Jira cloud side, the owners of the site controls which Atlassian Accounts gets access to their site. 

Atlassian Access allows organizations to claim ownership of Atlassian Accounts in that centralized identity service. When you claim your company's domain in Atlassian cloud, you effectively take ownership of all Atlassian Accounts with an email address under your company's domain. You can then further enforce SSO via Okta to those accounts. 

On the Jira cloud site, only accounts under your company's domain will be enforced to login via Okta. These accounts are effectively your internal users. The rest will keep using the default Atlassian Account login password or any SSO that their own organization may have enforced on Atlassian Cloud.

There are 2 admin hats in play here. 

  1. Organization Administrators : Manages the domain Atlassian Accounts and SSO for Atlassian Cloud. 
  2. Site Administrators : Controls who get access on the Jira site. They can grant access to both "internal" and "external" users. 

Here is the login experience for the users :

  • A user will try to reach any site on Atlassian Cloud (ie. your jira site)
  • The user will need to login via https://id.atlassian.com
  • The user will identify with an email address in login form.
    • If the email address is under your company's domain, the user will be redirected to Okta for authentication. This includes 2FA if that is enabled on Okta side.
    • If the email address is not under a claimed domain, the user will authenticate using the Atlassian Account Password. 
  • After authentication, the user will be redirected back to the Jira site. If the account was granted access, the application will load otherwise a permission error is returned. 

I hope this helps. 

 

Cheers,

Ramon

Thank you very much for the explanation.

Cheers,

Luca

No worries Luca and good luck!

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

1,088 views 2 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you