We are exploring Atlassian access for user and SSO provisioning to Jira Service Desk Cloud.
We have a mobile app where our users log in using a unique Agent Code and password that is authenticated to AD. However these users may share the same email address. What we want is once the user is authenticated by AD, they can access JSD Customer Portal (Web view embedded in the mobile app) without further login.
If we want to use Atlassian Access for user and SSO provisioning with the condition specified above, is that possible? what will be the pros and cons?
I have read the following article, that might be a conflict if the AD is not configured properly.
I guess that if we configure Agent Code as internal id for the users that will not change then our scenario is possible even though these users may share same email id. However, that's only my guess.
I am open to any suggestion from experts and more experienced folks.
Thanks for using Atlassian Community.
To start off with Atlassian Access which provides the SSO solution in Atlassian cloud is done via SAML. Unfortunately, it's not possible to directly use the session token generated by third party AD into accessing a Jira Service Desk portal in cloud.
With Atlassian Access, the SSO login flow is always via our centralized identity service in https://id.atlassian.com. Our ID service will communicate with your AD via SAML during end user's authentication. On a successful authentication, the browser session token is generated for Atlassian cloud and that will be used when accessing the service in Atlassian cloud (ie. Jira service desk cloud portal).
The solution also requires the following :
The mapping on the KB Page you mentioned refers to how the Atlassian Account is connected to the account on AD side via SAML. Technically, you can have an Atlassian Account under a shared email address under your domain and you can enforce the SSO to that with your AD. On Atlassian side though, the end users' identity will be lost under one shared Atlassian Account, so I would not recommend it.
On the other hand, Atlassian Access SSO is free to use for unlicensed domain users which makes it free for service desk portal customers.
May I ask what is your identity service provider and does it support SAML?
Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events