How to the the unique Entity ID values for Atlassian SP?

Ventsislav Gramatski February 20, 2019

Hello everyone!

I am working to integrate SSO for our JIRA Cloud with ADFS. I understand this won't be supported by Atlassian but I can't even get the setup as I do not know where to get our unique Entity ID to complete the URLs for JIRA as the SP? I mean these:

SAML Assertion (SP Identifier):
https://auth.atlassian.com/saml/<unique Entity ID>

Login/logout redirect URL:
https://auth.atlassian.com/login/callback?connection=saml-<unique Entity ID>

 

Where the <unique Entity ID> should be dynamically created for our subscription. I raised a support case but so far the response I received is to contact our IdP to get these... given that we own and manage our IdP (ADFS), I already know the required endpoints. :)

The Azure SSO integration (at: here) suggests that the <unique Entity ID> might be generated at the moment when the SSO configuration is initiated in Atlassian Access but I would like to be certain, as the entire process will cause downtime for our production teams.

Anyone knows where/how I can get the <unique Entity ID> ? Thanks!

1 answer

1 accepted

1 vote
Answer accepted
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 25, 2019

Hey Ventsislav!

Despite not providing official support, we do have some extensive documentation you may have already seen at SAML single sign-on - Unsupported identity providers.

Going off the Microsoft document you linked, the missing piece is probably what's quoted in our documentation here:

After adding your identity provider details to the 'SAML single sign-on' page for your Atlassian organization, you'll see new fields and values appear. Copy those values over to your identity provider. 

 

So this is what the admin page looks like before you add the ADFS details in admin.atlassian.com:
image.png

 

After clicking the blue "Add SAML configuration" button and filling out the details, viola, the necessary fields are available. The SP Entity ID field is the one you'll want. Sounds like ADFS or Azure AD are trying to helpfully pre-fill the non-unique part of the URL. You can just use the copy button and blow out the entire field on the ADFS/Azure side.

image.png

 

Hope that helps, and happy authenticating!
Daniel

Ventsislav Gramatski February 26, 2019

Hello Daniel,

Thanks, exactly what I needed! I though that the SP Entity ID was being generated upon signing for Atlassian Access rather than when initializing the SSO configuration. I'll have to plan this for the switch-over. :)

 

Kind regards,

Ventsislav

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events