Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

SSO with multiple azure tenancies

Deleted user February 6, 2020

Hi there,

I'm looking to migrate our Jira Service desk from server to cloud. I'm having some issues on how to get SAML SSO setup for a district of schools that I work for, I can setup SSO using Azure AD but each site in the district has a separate Azure AD tenancy. Atlassian Access appears to only allow a single SSO provider at a time per organisation.

I can think of 3 solutions but I might be missing something so any help is appreciated.

  1. Add more organisations to our Atlassian Cloud and setup each school separately. However, I’m not sure on how licensing cost would work out if my team had to be licensed on each organisation.
  2. Migrate our Office 365/Azure tenancies into a single tenancy. Easy to say, not so easy to action.
  3. Use another SSO provider like Okta. I feel this would be a large expense however.
Answer
Watch
Like Be the first to like this
2604 views

4 answers

1 accepted

0 votes
Answer accepted
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 7, 2020

Hi @[deleted] ,

Unfortunately we don't support the ability to split users on the same domain across different SAML configurations. However this is on our roadmap to address in the near future: https://jira.atlassian.com/browse/ACCESS-572

If each school's users are on a separate email domain, you could create an organization for each school. Atlassian Access is billed per user, so the licensing cost would be approximately the same. I don't think there would be any difference in licensing cost whether your identity provider is Azure AD or Okta.

View More Comments
Dan Brewerton
Dan Brewerton June 16, 2020

Hi Dave, has engineering nailed down a date when this functionality would be in JIRA?

Like
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 19, 2020

Hi @Dan Brewerton ,

We're actively working on this project; however the ability to set up multiple SSO providers is only slated for the final milestone. We're hoping to have this done in the first half of 2021.

Like
Ajay Wadhawan
Ajay Wadhawan July 16, 2020

Multiple tenants could be federated into azure B2C.  In fact  we are trying to use Azure B2C since we want work across multiple  Identities and log into Atlassian cloud.

Wondering if AzureB2C as SAML provider has been successfully implemented. 

Like
Reply
1 vote
Lokesh Naktode_miniOrange
Lokesh Naktode_miniOrange
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
February 7, 2020

Hi @[deleted] ,

You can take a look at some sort of bridge or connector between Atlassian Access and Azure AD(s). Where connector will take care of multiple Azure AD SSO configuration and act as single IDP for Atlassian Access.

FYI,

I work for the miniOrange, one of the top SSO vendors in the Atlassian Marketplace and we have a module (broker service) that helps you to achieve your use case. It is available in both cloud and On-Premise version.

Please check the docs for more details.

https://idp.miniorange.com/docs/single-sign-on/identity-broker-service/

Feel free to reach out to miniOrange support, in case if you need help with the configuration or have any other questions.

Reply
0 votes
Carlos Sancho Écija
Carlos Sancho Écija June 27, 2022

Hello @Dave Meyer

I have carefully read the initial comment and the scenario that he mentions does not correspond to the feature that you indicate and that is currently on the roadmap [ACCESS-572], there they talk about having different IdPs (Google, Microsoft...) at the same time on the same organization/tenant, but what he is initially asking for is to have the same IdP (Microsoft AAD) but for different tenants/directories, I think it corresponds to this ticket: ACCESS-885.
I have the same situation as him.

View More Comments
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 27, 2022

@Carlos Sancho Écija the work that we are doing to support multiple SAML and SCIM configurations for an organization will be applicable whether it's multiple connections to the same IdP or if the organization is using different IdPs. From the Atlassian perspective, it's irrelevant.

Like
Carlos Sancho Écija
Carlos Sancho Écija June 27, 2022

Great!, thank you for your answer. Is there a realease date for this feature?.

Like
Reply
0 votes
Aleksandra Kakol
Aleksandra Kakol March 24, 2022

Hello @Dave Meyer , 

is the functionality already available? 

Kind regards, 

Aleksandra Tylko

View More Comments
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 24, 2022

Hi @Aleksandra Kakol , it's currently in early access. You can contact a member of our team to request to be enrolled. See the message here: https://jira.atlassian.com/browse/ACCESS-572?focusedCommentId=3005741&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3005741

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events