Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

SAML for Service Desk customers?

We are using Service Desk Cloud as an internal support tool for our company users. Most of them handle their issues by email. Some make even use out of the support portal, but most don't even know the password of their accounts. Because they have been created automatically when they sent the first email.

I would like to promote the usage of our portal, offer some confluence FAQ articles there etc. But having to sign in  is a nuicance for the customers... Now I figured out that we could use Identiy-Manager to provide single sign on even to my customers, because all have email adresses with the same (managed) domain.

After talking with Atlassian license support, I understood that in future all managed accounts (even the one for Service Desk customers) will be billed with 3 USD per user and month. We have round about 200 active users in our company and I would have to create a (billed) account for everyone (if I see that somebody joined the company)... In addition, I have no idea how to handle resigned users... They keep billed unless I disable them, but since they are not part of our team, I don't know about their leave...  In the end I will have a monthly bill of at least 600 USD that keeps growing - completeley out of my control...

Obviously I can't justify the usage of Identiy-Manager under that circumstances. Are there any alternatives to use Atlassian's cloud services and still provide a smooth experience to my customers?

Thanks a lot for your input and best regards!

5 answers

1 accepted

8 votes
Answer accepted
Rodrigo B. Atlassian Team Jun 11, 2018

Hello @Dirk Festerling, @Marthine@Danyal Iqbal and @[deleted],

I hope you are all well!

With the product Atlassian Access (Identity Manager) being generally available, some of our customers' concerns were addressed and delivered together, for example, Atlassian accounts that does not have any product license (Customer accounts) are no longer charged on the Atlassian Access billing, only agents (licensed on JSD), which means you can use SAML for them and not pay for these users, you can read more about it here:

We do still have an appropriate feature request for Jira Service Desk customers, those that you can't verify the domain. This is the feature request, please if you haven't done it yet, vote and watch it!

It's thanks to all the feedback received by you, our customers, during the Early Access Program for Identity Manager that we delivered free SAML integration for portal-only users with Atlassian accounts, it matters a lot to us that you keep participating and sharing your insights!

Thank you & best regards,

Rodrigo Becker
Atlassian Cloud Support

Hi Rod,

This makes Service Desk and SAML much more attractive for internal support teams. I appreciate this!


Hello Rodrigo,

Thanks for your answer on this topic/request. Will Atlassian Access only be available on Cloud or are there ways of enabling it as a service within Server/Data Center applications?


Kind Regards,


Rodrigo B. Atlassian Team Jan 18, 2019

Hi Stéphane,

Great question! Unfortunately the Atlassian Access product is for the Cloud only, its features are designed to interact exclusively with the Cloud architecture, so it can't be used as a service for Server/Data Center, currently there are no plans on our roadmap to model Atlassian Access for these platforms.

Best regards,


Like Stéphane Veraart likes this

Follow-up: If the customer (portal-only user) has an email address verified with Atlassian Access, site-admin can migrate the account to Atlassian account so that the customer can login with SSO.

Screenshot 2019-10-29 14.00.22.pngScreenshot 2019-10-29 14.11.20.png

Vote for JSDCLOUD-630 if you want a customer to login with SSO via customer portal without migration.

So I am running into this as well now. I've got an Atlassian Access trial and I was able to configure Okta SSO for access to Jira and Confluence which gets my Dev and IT teams into where they need to be, but I am really looking for a solution to get service desk customers access via Okta and so far all of my good searches are coming up empty.


@Rodrigo B. is there a way to give Jira Service Desk SSO access via Okta to our internal customers?


Thanks in advance for the help.

That is reassuring.. So is their going to be a solution?

Did you ever get an answer on this one?  We are in the same situation.    

No solution and no answer, but maybe @Rodrigo B. can provide insight into this subject.

Rodrigo B. Atlassian Team Feb 18, 2019

Thanks for mentioning me here @Stéphane Veraart - Really missed it!

Rodrigo B. Atlassian Team Feb 18, 2019

Hello @Marthine & @Chad Mellon

Apologies for any delay to get back to you with an answer, it seems I missed to be more specific about my initial answer to all of your questions and that was my mistake, so here you go:

There is already one for the confluence space, the regular Jira app and Strike?! or something like that. Why not the customer portal. Or maybe im just failing to see the solution somewhere. Can you please help?

We feel you on this subject, but that is a limitation in Okta, our product team is already aware and works constantly together with our partners to address such problems, but ultimately, all we can do is forward customer feedback, any priorization will be done by their team, you are welcome to raise this concern with them as well for more visibility.

Thank you & kind regards


I believe this is the same issue we are up against. After many google searches and communication with Jira over this, still not sure we have a clear response.

The question above maybe the same as mine if anyone has the answer? 

`1. We would like to use Jira Service Desk for our company but internal only, therefore the portal cannot be public.

2. We would like to provide access and promote the portal by providing everyone an app in OKTA, this would be SAML

- The challenge which I can not get a clear response on. Does JIra charge for every customer using the portal when using SAML? I have had 2 different responses from support on this yes and no. 

- We have been told to turn off users are given product application access and therefore will not be counted as part of the licence. This has now been done but still trying to test if we can setup SAML and does not incur licence fee. Still to be determined.

Has anyone else managed to do this?

Hi @pbraund

Can you confirm if the accepted answer to this question covers your concerns? It references the licensing FAQ for Atlassian Access confirming that Atlassian accounts without product licenses won't be charged.

5. Are Jira Service Desk customers billable?

No, Jira Service Desk customers that submit tickets are not counted toward the Atlassian Access bill. Only Jira Service Desk Agents that log in using an Atlassian Access managed account are counted in Atlassian Access.

Apologies if the information provided to you by different engineers was not consistent, if you still have any questions, please let me know, alright?

Thank you & kind regards,


Appreciate the response @Rodrigo B. - That is good news for us. I suppose my next question is where/how do you configure this?

Rodrigo B. Atlassian Team Apr 17, 2019

@pbraund , it will be the normal flow to configure the SAML integration, all of your users that do not have any product licenses will not count for the Atlassian Access bill automatically, you can actually subscribe for the Atlassian Access trial and export a CSV from your Atlassian organization's managed accounts where you will be able to find the information if the user is billable or not.

If you need further assistance to configure the SAML integration, we support the most popular Identity Providers, this means there are Atlassian Cloud templates there, needing very minimum effort to complete the integration, we also provide information for custom integrations with unsupported Identity Providers, on this case, you can still ask for our help, our limitation is that we will not be able to assist on configurations on the Identity Provider's side, this is our main documentation, you will find specific documentation for each supported Identity Provider there:

If you face any issues or have any questions to make the integration, I'd recommend to raise a support request, since our team will need some information that should not be shared with the public, besides, I hope we can restore your faith on our support to give you consistent guidance on all your issues!


Hi Atlassian, 


I have the same request. It would be nice to create a SAML sign on / app in Okta where we can lead our internal customers to.. 

There is already one for the confluence space, the regular Jira app and Strike?! or something like that. Why not the customer portal. Or maybe im just failing to see the solution somewhere. Can you please help?


KR, Marthine

Agree - is there any update or workaround for this? We are trying to avoid.


1. Go to Service Desk

2. Type in Email

3. See 'your company uses SSO'

4. Get redirected to SSO login

5. Type in SSO login

6. Load Service Desk Home Page

Like # people like this
0 votes
Adibou Atlassian Team Feb 21, 2018


You can set your JIRA Service Desk portal to allow anyone raising requests from there without login.

1- Go to JSD configuration to set Customer permissions

Screen Shot 2018-02-21 at 15.04.43.png

2- In your Project setting, set the customer permissions to "Anyone...without logging in".

Screen Shot 2018-02-21 at 15.34.11.png

For the single sign-on on Atlassian Cloud, I think there is no other way than using the  Identity Managers supported by Atlassian Cloud.

You can have a look at this article, they talk about your issue regarding user and IM:

Hopes it will help.



Deleted user Feb 22, 2018

Do customers count against the license like service desk agents do when using SAML? Right now I manage users via Jira user management. Right now only Service Desk agents require a license customers don't. Is it the same when using SAML access? I plan to use OKTA SAML with Jira.

Yes, customers are counted against the license just like agents when using SAML.

Hi Adrien,

Thanks for you reply! Making our Cloud Instance of Service Desk and the knowledge base public is not really an option. Almost everything in there is classified and for internal use only... 

The article you shared deals with agents and Jira users, and I'm fine with that. But I still don't understand why this applies to Service Desk customers as well. How would you place this Feature in organizations that support a really large internal user base with a Service Desk Cloud instance? Maintain all leaves manually in the IM?


Like YC Lian likes this

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Atlassian Access

Atlassian Access Demo Q&A Recap

Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...

1,153 views 4 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you