Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,360,258
Community Members
 
Community Events
168
Community Groups

SSO with multiple azure tenancies

Hi there,

I'm looking to migrate our Jira Service desk from server to cloud. I'm having some issues on how to get SAML SSO setup for a district of schools that I work for, I can setup SSO using Azure AD but each site in the district has a separate Azure AD tenancy. Atlassian Access appears to only allow a single SSO provider at a time per organisation.

I can think of 3 solutions but I might be missing something so any help is appreciated.

  1. Add more organisations to our Atlassian Cloud and setup each school separately. However, I’m not sure on how licensing cost would work out if my team had to be licensed on each organisation.
  2. Migrate our Office 365/Azure tenancies into a single tenancy. Easy to say, not so easy to action.
  3. Use another SSO provider like Okta. I feel this would be a large expense however.

4 answers

1 accepted

0 votes
Answer accepted
Dave Meyer Atlassian Team Feb 07, 2020

Hi @Kristian Matthews ,

Unfortunately we don't support the ability to split users on the same domain across different SAML configurations. However this is on our roadmap to address in the near future: https://jira.atlassian.com/browse/ACCESS-572

If each school's users are on a separate email domain, you could create an organization for each school. Atlassian Access is billed per user, so the licensing cost would be approximately the same. I don't think there would be any difference in licensing cost whether your identity provider is Azure AD or Okta.

Hi Dave, has engineering nailed down a date when this functionality would be in JIRA?

Dave Meyer Atlassian Team Jun 19, 2020

Hi @Dan Brewerton ,

We're actively working on this project; however the ability to set up multiple SSO providers is only slated for the final milestone. We're hoping to have this done in the first half of 2021.

Multiple tenants could be federated into azure B2C.  In fact  we are trying to use Azure B2C since we want work across multiple  Identities and log into Atlassian cloud.

Wondering if AzureB2C as SAML provider has been successfully implemented. 

1 vote

Hi @Kristian Matthews ,

You can take a look at some sort of bridge or connector between Atlassian Access and Azure AD(s). Where connector will take care of multiple Azure AD SSO configuration and act as single IDP for Atlassian Access.

FYI,

I work for the miniOrange, one of the top SSO vendors in the Atlassian Marketplace and we have a module (broker service) that helps you to achieve your use case. It is available in both cloud and On-Premise version.

Please check the docs for more details.

https://idp.miniorange.com/docs/single-sign-on/identity-broker-service/

Feel free to reach out to miniOrange support, in case if you need help with the configuration or have any other questions.

Hello @Dave Meyer

I have carefully read the initial comment and the scenario that he mentions does not correspond to the feature that you indicate and that is currently on the roadmap [ACCESS-572], there they talk about having different IdPs (Google, Microsoft...) at the same time on the same organization/tenant, but what he is initially asking for is to have the same IdP (Microsoft AAD) but for different tenants/directories, I think it corresponds to this ticket: ACCESS-885.
I have the same situation as him.

Dave Meyer Atlassian Team Jun 27, 2022

@Carlos Sancho Écija the work that we are doing to support multiple SAML and SCIM configurations for an organization will be applicable whether it's multiple connections to the same IdP or if the organization is using different IdPs. From the Atlassian perspective, it's irrelevant.

Great!, thank you for your answer. Is there a realease date for this feature?.

Hello @Dave Meyer , 

is the functionality already available? 

Kind regards, 

Aleksandra Tylko

Dave Meyer Atlassian Team Mar 24, 2022

Hi @Aleksandra Kakol , it's currently in early access. You can contact a member of our team to request to be enrolled. See the message here: https://jira.atlassian.com/browse/ACCESS-572?focusedCommentId=3005741&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3005741

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

Atlassian Access Demo Q&A Recap

Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...

1,502 views 5 5
Read article

Atlassian Community Events