
Can you configure SSO access to Atlassian Service Desk with Azure AD B2C?

Is there an option to use Single Sign On (SSO) for the Service Desk product with an Azure AD B2C tenant as the Identity Provider?

 

Here is what we are trying to achieve.

Our application is configured to sign in with user identities in our B2C directory. We would like to add Service Desk as another application for those same user identities with the same credentials.

1 answer

You need Atlassian Access to do that. We have done it and it is working great.

@James Yip, would you be able to provide any further insight into what you configured to get this working?

Thanks, that is the reference I was using when I attempted to get this working. Just to confirm, you got this to work with custom policies and Azure AD B2C?

I am looking for a solution that allows us to use users in the B2C tenant that sign in using their email address (this includes domains that can't be verified); these are customer addresses.

The process is the same, as Azure AD B2C is nothing but the same Azure AD. See if this helps. If not, you can PM me to see if we can help you. ;-)

https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers


Hi James:

I followed the document you suggested, but I had a few questions. How do you set up the OutputClaim for "Unique User Identifier" in the journey for the SAML policy?

Also, how do you set up the return URL in the SAML app registration in the Azure B2C portal? It does not allow query strings.

"replyUrlsWithType": [
    {
        "url": "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",
        "type": "Web"
    }
]

 

Any help will be appreciated. 

James, how can I get in touch with you? The major blocking issue for us is how to set the SP Entity ID in Azure B2C. Not sure where I can set this information in my SAMLApp.

May I know where you specify that JSON setting? It should not be required.

I am getting the error "Trouble logging in. Try logging in again." I am wondering which of the 2 issues is causing it.

 

1. The Atlassian SAML Configuration page says it expects the SP EntityID from the provider. I have now put the value (https://auth.atlassian.com/saml/1ea877e2-b5d4-49f1-934b-dfed83XXXX6) in the URI key in the Metadata section in the Technical profile of the IDP. Do you set this value in your claims policy?

The other issue is the replyUrl in the SAMLApp manifest: how do we set something with the query string?

"replyUrlsWithType": [
    {
        "url": "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",
        "type": "Web"
    }
]

 

Any help will be appreciated. It is comforting to note you have managed to enable this.

Hi James, a quick update:

I added 

<Item Key="IssuerUri">https://auth.atlassian.com/saml/1ea877e2-b5d4-49f1-934b-dfed837fde26</Item>

This seems to have solved my first problem.

The only issue I see now is how to give the correct value of replyUrlWithType in the SAMLApplication manifest in Identity Experience Framework/ApplicationRegistration. Can you share your implementation's replyUrlWithType with the numbers munged? Does it have a query string? Details below for others.

Thanks

Ajay

 

Now I see the error is about the SP Assertion Consumer Service URL: https://auth.atlassian.com/login/callback?connection=saml-xxxx-xxxx-xxxx-xxxx-xxxxxx

I see the error below

https://id.atlassian.com/login/callback?continue=https%3A%2F%2Fadmin.atlassian.com%2Fo%2F%2Fsaml%3Fare%3Daid&error=unauthorized&error_description=Application%20registered%20corresponding%20to%20IssuerUri%20%22https%3A%2F%2Fauth.atlassian.com%2Fsaml%2Fxxxxxx-xxxx-xxxx-xxxx-xxxxxxx%22%20in%20AuthRequest%20does%20not%20have%20assertion%20consumer%20service%20URL%20%22https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback%22%20specified%20in%20its%20metadata.&state=eyJ1c2V
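An added diagnostic example (not part of the original thread, and not Atlassian or Microsoft code): it decodes an error redirect like the one quoted above, extracts the IssuerUri and the Assertion Consumer Service URL that the identity provider rejected, and compares that URL with the registered reply URLs. The redirect and manifest values are constructed placeholders, and `parse_error`, `strip_query` and `compare_acs` are hypothetical helper names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the redirect quoted in the thread; IDs are placeholders.
SAMPLE_REDIRECT = (
    "https://id.atlassian.com/login/callback?error=unauthorized"
    "&error_description=Application%20registered%20corresponding%20to%20IssuerUri%20"
    "%22https%3A%2F%2Fauth.atlassian.com%2Fsaml%2FPLACEHOLDER-ID%22%20in%20AuthRequest"
    "%20does%20not%20have%20assertion%20consumer%20service%20URL%20"
    "%22https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback%22"
    "%20specified%20in%20its%20metadata."
)

# Constructed manifest fragment (hypothetical connection id).
SAMPLE_REPLY_URLS = [
    {"url": "https://auth.atlassian.com/login/callback?connection=saml-PLACEHOLDER",
     "type": "Web"},
]

def parse_error(redirect_url):
    """Return (error, issuer_uri, acs_url) taken from an error redirect."""
    query = parse_qs(urlsplit(redirect_url).query)  # parse_qs also percent-decodes
    error = query.get("error", [""])[0]
    description = query.get("error_description", [""])[0]
    issuer = re.search(r'IssuerUri "([^"]+)"', description)
    acs = re.search(r'assertion consumer service URL "([^"]+)"', description)
    return (error,
            issuer.group(1) if issuer else None,
            acs.group(1) if acs else None)

def strip_query(url):
    """Drop the query string and fragment, keeping scheme, host and path."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}"

def compare_acs(acs_url, reply_urls):
    """Classify how the requested ACS URL relates to the registered reply URLs."""
    registered = [entry["url"] for entry in reply_urls]
    if acs_url in registered:
        return "exact-match"
    if any(strip_query(u) == strip_query(acs_url) for u in registered):
        return "differs-only-by-query-string"
    return "not-registered"

if __name__ == "__main__":
    error, issuer, acs = parse_error(SAMPLE_REDIRECT)
    print(error, issuer, acs, compare_acs(acs, SAMPLE_REPLY_URLS))
```
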

Hi James, I would really appreciate it if you could show us how to set replyUrlwithType in the SamlApp manifest. It would be great.

I am concluding this implementation is apparently not possible, unless some special allowances were made for James's company. Can anyone from Atlassian speak about this?

Ajay, we gave up on this too.

I guess there is some confusion. This thread was for configuring Azure B2C. Also, the link you mention above is for Azure B2C: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers

Azure B2C does not involve using a specialized configuration app written by Atlassian. 
