Can you configure SSO access to Atlassian Service Desk with Azure AD B2C?

Is there an option to use Single Sign On (SSO) for the Service Desk product with an Azure AD B2C tenant as the Identity Provider?

 

Here is what we are trying to achieve.

Our application is configured to sign in with user identities in our B2C directory. We would like to add Service Desk as another application for those same user identities with the same credentials.

1 answer

You need Atlassian Access to do that. We have done it and it is working great.

@James Yip, would you be able to provide any further insight into what you configured to get this working?

Thanks, that is the reference I was using when I attempted to get this working. Just to confirm, you got this to work with custom policies and Azure AD B2C?

I am looking for a solution that allows us to use users in the B2C tenant that sign in using their email address (this includes domains that can't be verified); these are customer addresses.

The process is the same, as Azure AD B2C is nothing but the same Azure AD. See if this helps. If not, you can PM me to see if we can help you. ;-)

https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers


Hi James:

I followed the document you suggested, but I had a few questions. How do you set up the output claim for "unique User Identifier" in the journey for the SAML policy?

Also, how do you set up the return URL in the SAML App registration in the Azure B2C portal? It does not allow query strings.

"replyUrlsWithType": [
    {
        "url": "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",
        "type": "Web"
    }
]

 

Any help will be appreciated. 

James, how can I get in touch with you? The major blocking issue for us is how to set the SP Entity ID in Azure B2C. Not sure where I can set this information in my SAMLApp.

May I know where you specify that JSON setting? It should not be required.

I am getting the "trouble logging in" error ("Try logging in again"). I am wondering which of the 2 issues is causing it.

 

1. The Atlassian SAML Configuration page says it expects the SP Entity ID from the provider. I have now put the value (https://auth.atlassian.com/saml/1ea877e2-b5d4-49f1-934b-dfed83XXXX6) in the URI key in the Metadata section in the Technical profile of the IdP. Do you set this value in your claims policy?

The other issue is the replyUrl in the SAMLApp manifest: how do we set something with the query string?

"replyUrlsWithType": [
    {
        "url": "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",
        "type": "Web"
    }
]

 

Any help will be appreciated. It is comforting to note you have managed to enable this.

Hi James, a quick update:

I added 

<Item Key="IssuerUri">https://auth.atlassian.com/saml/1ea877e2-b5d4-49f1-934b-dfed837fde26</Item>

This seems to have solved my first problem.

The only issue I see now is how to give the correct value of replyUrlWithType in the SAMLApplication manifest in Identity Experience Framework/ApplicationRegistration. Can you share your implementation's replyUrlWithType with numbers munged? Does it have a query string? Details below for others.

Thanks

Ajay

 

Now I see the error is about the SP Assertion Consumer Service URL: https://auth.atlassian.com/login/callback?connection=saml-xxxx-xxxx-xxxx-xxxx-xxxxxx

I see the error below

https://id.atlassian.com/login/callback?continue=https%3A%2F%2Fadmin.atlassian.com%2Fo%2F%2Fsaml%3Fare%3Daid&error=unauthorized&error_description=Application%20registered%20corresponding%20to%20IssuerUri%20%22https%3A%2F%2Fauth.atlassian.com%2Fsaml%2Fxxxxxx-xxxx-xxxx-xxxx-xxxxxxx%22%20in%20AuthRequest%20does%20not%20have%20assertion%20consumer%20service%20URL%20%22https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback%22%20specified%20in%20its%20metadata.&state=eyJ1c2V
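An added example, not part of any post in this thread: it decodes the error redirect quoted above and compares the assertion consumer service (ACS) URL named in the message with the reply URL from the manifest snippet posted earlier. The function names are hypothetical, and the regular expression assumes the wording of this one error message.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Error redirect exactly as quoted in the thread (IDs masked, state truncated there).
ERROR_REDIRECT = (
    "https://id.atlassian.com/login/callback"
    "?continue=https%3A%2F%2Fadmin.atlassian.com%2Fo%2F%2Fsaml%3Fare%3Daid"
    "&error=unauthorized"
    "&error_description=Application%20registered%20corresponding%20to%20IssuerUri%20"
    "%22https%3A%2F%2Fauth.atlassian.com%2Fsaml%2Fxxxxxx-xxxx-xxxx-xxxx-xxxxxxx%22%20in%20"
    "AuthRequest%20does%20not%20have%20assertion%20consumer%20service%20URL%20"
    "%22https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback%22%20specified%20in%20its%20"
    "metadata.&state=eyJ1c2V"
)

# Reply URL from the manifest snippet posted in the thread (value masked there).
MANIFEST_REPLY_URLS = [
    "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",
]

def parse_error(redirect_url):
    """Return (error, issuer, acs_url) extracted from the error redirect."""
    params = parse_qs(urlsplit(redirect_url).query)  # values are percent-decoded
    description = params["error_description"][0]
    # Pattern is an assumption based on the wording of the quoted message.
    match = re.search(r'IssuerUri "([^"]+)".*?consumer service URL "([^"]+)"', description)
    if match is None:
        raise ValueError("unrecognised error_description: " + description)
    return params["error"][0], match.group(1), match.group(2)

def compare_acs(requested, registered):
    """Classify each registered reply URL against the ACS URL from the request."""
    result = {}
    for url in registered:
        if url == requested:
            result[url] = "exact match"
        elif urlsplit(url)._replace(query="", fragment="").geturl() == requested:
            result[url] = "differs only by query string"
        else:
            result[url] = "no match"
    return result

if __name__ == "__main__":
    error, issuer, acs = parse_error(ERROR_REDIRECT)
    print(error, issuer, acs, sep="\n")
    for url, verdict in compare_acs(acs, MANIFEST_REPLY_URLS).items():
        print(f"{verdict}: {url}")
```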

Hi James, would really appreciate it if you could show us how to set replyUrlwithType in the SamlApp manifest. It would be great.

I am concluding this implementation is apparently not possible, unless some special allowances were made for James's company. Can anyone from Atlassian speak about this?

Ajay, we gave up on this too.

I guess there is some confusion. This thread was for configuring Azure B2C. Also, the link you mention above is for Azure B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers

Azure B2C does not involve using a specialized configuration app written by Atlassian. 
