Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SSO with multiple azure tenancies

Hi there,

I'm looking to migrate our Jira Service desk from server to cloud. I'm having some issues on how to get SAML SSO setup for a district of schools that I work for, I can setup SSO using Azure AD but each site in the district has a separate Azure AD tenancy. Atlassian Access appears to only allow a single SSO provider at a time per organisation.

I can think of 3 solutions but I might be missing something so any help is appreciated.

  1. Add more organisations to our Atlassian Cloud and setup each school separately. However, I’m not sure on how licensing cost would work out if my team had to be licensed on each organisation.
  2. Migrate our Office 365/Azure tenancies into a single tenancy. Easy to say, not so easy to action.
  3. Use another SSO provider like Okta. I feel this would be a large expense however.

2 answers

1 accepted

0 votes
Answer accepted
Dave Meyer Atlassian Team Feb 07, 2020

Hi @Kristian Matthews ,

Unfortunately we don't support the ability to split users on the same domain across different SAML configurations. However this is on our roadmap to address in the near future: https://jira.atlassian.com/browse/ACCESS-572

If each school's users are on a separate email domain, you could create an organization for each school. Atlassian Access is billed per user, so the licensing cost would be approximately the same. I don't think there would be any difference in licensing cost whether your identity provider is Azure AD or Okta.

Hi Dave, has engineering nailed down a date when this functionality would be in JIRA?

Dave Meyer Atlassian Team Jun 19, 2020

Hi @Dan Brewerton ,

We're actively working on this project; however the ability to set up multiple SSO providers is only slated for the final milestone. We're hoping to have this done in the first half of 2021.

Multiple tenants could be federated into azure B2C.  In fact  we are trying to use Azure B2C since we want work across multiple  Identities and log into Atlassian cloud.

Wondering if AzureB2C as SAML provider has been successfully implemented. 

Hi @Kristian Matthews ,

You can take a look at some sort of bridge or connector between Atlassian Access and Azure AD(s). Where connector will take care of multiple Azure AD SSO configuration and act as single IDP for Atlassian Access.

FYI,

I work for the miniOrange, one of the top SSO vendors in the Atlassian Marketplace and we have a module (broker service) that helps you to achieve your use case. It is available in both cloud and On-Premise version.

Please check the docs for more details.

https://idp.miniorange.com/docs/single-sign-on/identity-broker-service/

Feel free to reach out to miniOrange support, in case if you need help with the configuration or have any other questions.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

See Atlassian Access in action - Live Demo

Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...

126 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you