SingleSignOn: How to enable SSO for multiple sites under a single organization?

Hi Team,

We have one organization with two cloud sites: one is a production instance and the second one is a test instance.

We are trying to enable SAML SSO by following the link below:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/atlassian-cloud-tutorial#configure-atlassian-cloud-sso 

As per the above-mentioned guide, in one of the steps we have to provide our instance details.

On the Basic SAML Configuration section, if you wish to configure the application in IDP initiated mode, enter the values for the following fields:

a. In the Identifier text box, type a URL using the following pattern: https://auth.atlassian.com/saml/<unique ID>

b. In the Reply URL text box, type a URL using the following pattern: https://auth.atlassian.com/login/callback?connection=saml-<unique ID>

c. Click Set additional URLs.

d. In the Relay State text box, type a URL using the following pattern: https://<instancename>.atlassian.net

 

So my question here is: what should we provide in the Relay State text box (point d)? If we provide only one of the instance links (test site/prod site), will SSO be enabled only for that particular instance?

Also, in another step it is mentioned that:

Click Set additional URLs and perform the following step if you wish to configure the application in SP initiated mode:

In the Sign-on URL text box, type a URL using the following pattern: https://<instancename>.atlassian.net .

What is the difference between IDP initiated mode and SP initiated mode? Do we need to do both the steps?

1 answer

1 accepted

0 votes
Answer accepted
Dave Meyer Atlassian Team Apr 09, 2020

Hi @Pramod Kumar Mandadapu ,

When you configure SSO, it applies to all instances of all Atlassian products, regardless of whether the sites have been linked to your organization. The linking of sites to your org drives other features like the audit log and admin insights, and helps you collect everything in one place. But part of our promise with SSO is that it will cover all users in your company, regardless of what products or instances they are using.

IdP-initiated auth mode means that SSO is triggered from Azure AD. So a user would click the "Atlassian Cloud" application in the Azure AD "My Apps" portal and be automatically logged in to your instance. So since most users will expect this to point to your production instance, you should use your production instance URL here. SSO will still work for your test instance, you will just need to navigate to it directly in your browser.

SP (service provider) initiated auth starts on the Atlassian side. So if a user goes to an instance, and they haven't logged in, they will be redirected to Azure AD to authenticate. You'll likely want to use your production instance URL here as well, but you can still navigate to your test instance directly in the browser and it will still redirect you to Azure AD if you haven't logged in.

Hope this helps.

Dave

Hi Dave,

 

Thanks for the response. It's working :).
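The two modes described in the answer, as an added example that is not part of the original thread and is not Atlassian's or Microsoft's code: a generic model of how a SAML service provider tells an unsolicited (IdP-initiated) response from one that answers its own request, and how Relay State selects the landing site. The unique ID `EXAMPLE-ID`, the two site names, and the function names are hypothetical, and signature validation is deliberately left out.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed values: placeholder unique ID and two hypothetical sites.
ACS_URL = "https://auth.atlassian.com/login/callback?connection=saml-EXAMPLE-ID"
ORG_SITES = {"example-prod.atlassian.net", "example-test.atlassian.net"}


def classify_response(xml_text, relay_state, pending_request_ids):
    """Return (mode, landing_url) for a SAML Response, or raise ValueError.

    Signature and assertion validation are out of scope here; a real
    service provider performs them before trusting any of these fields.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML Response")
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination does not match the Reply URL")

    in_response_to = root.get("InResponseTo")
    if in_response_to is None:
        mode = "idp-initiated"      # unsolicited: user started at the IdP portal
    elif in_response_to in pending_request_ids:
        mode = "sp-initiated"       # answers an AuthnRequest the SP issued
    else:
        raise ValueError("InResponseTo matches no pending request")

    # Relay State picks the landing site; accept only https URLs on known sites.
    target = urlsplit(relay_state or "")
    if target.scheme != "https" or target.hostname not in ORG_SITES:
        raise ValueError("RelayState is not an allowed site")
    return mode, f"https://{target.hostname}"


def make_response(in_response_to=None):
    """Build a constructed, unsigned sample Response for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0" '
            f'Destination="{ACS_URL}"{attr}/>')


if __name__ == "__main__":
    print(classify_response(make_response(), "https://example-prod.atlassian.net", set()))
    print(classify_response(make_response("_req42"), "https://example-test.atlassian.net", {"_req42"}))
```

Both calls use the same Reply URL; only the presence of `InResponseTo` and the Relay State value differ, which is why one SAML configuration can serve both the production and the test site.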
