Single Sign on for internal and external users

For most organizations if you had multiple Active Directory or LDAP external directories connected to your Atlassian server products, these directories would be connected to a single cloud identity provider like Azure AD as a universal directory. 

There's some basic architecture diagrams for how this works in Azure AD here (https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn#architecture-diagrams) but typically if there are people within your company that manage your Azure AD deployment, or manage how you log in to other SaaS applications, then it's best to connect with them and understand your org's identity environment.

Hi @Dave Meyer , thanks for the quick answer.

I'm aware of the support for multiple identity provider connections, but unfortunately, that is a Cloud Enterprise Plan exclusive feature, so not available for the Standard/Premium Plans.

I have no knowledge whatsoever about Azure AD, so can you confirm that Azure AD can pull in users from different domains/tenants?

Hey @Dave Mathijs

We actually launched support for multiple identity provider connections for customers with our Cloud Enterprise plan last week. https://community.atlassian.com/t5/Enterprise-articles/Multiple-identity-provider-support-now-available-in-Cloud/ba-p/2093719

However, for this scenario, it's much more common to have multiple directories of different types connected to a single identity provider, and then Atlassian cloud connects to that one identity provider. Basically every major identity provider can pull in users from various types of external directories (Okta and Azure AD examples attached)

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity

https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-get-started.htm