You can check out our app SAML SSO for Confluence, which supports Okta as IDP. You can try the app for free on the link below:
Here's a step-by-step guide to set it up with Okta. This generally takes 2-4 minutes.
If you need any assistance in setting this up, you can reach out to firstname.lastname@example.org and they'll set up a screen share with you to get your setup up and running.
P.S.: Full disclosure, I work with miniOrange, one of the top SSO vendors on Atlassian marketplace.
Yes, you can have a simple login button and an SSO button beside it. Apart from this, you can enable Manual Login or SSO based on email domain. So you can configure SSO for your AD users only. Here, users will be asked to enter their email address/username first and, based on the email domain, they'll either be shown a manual login page or redirected to Okta.
Regarding AD consideration, it is compatible with AD. Your users will be logged in with their AD synced account after SSO.
Hi @Ernie Jennings
Setting up Okta as an identity provider to Confluence is quite straightforward and can be done using both the SAML and OpenID Connect standards. For Confluence server you need one of the marketplace SSO apps to achieve this.
There are, however, some gotchas related to how to provision users and give Confluence knowledge about Okta user accounts and their permissions. You can create and maintain user records manually, but there are also more automated ways of keeping Confluence user directories up to date. Just-in-time provisioning makes use of SAML user attributes (name, email and group memberships) to update Confluence on-the-fly each time a user logs in. User sync or cloud user provisioning is a third alternative, where a background process takes care of updating Confluence with user data from Okta. The advantage of the latter approach is that it can also remove and deactivate users that no longer should have access. https://kantega-sso.com/articles/provisioning/
Should all users in your organization access Confluence through Okta, or will you also have other users (like internship students, external consultants and admins) that will need to log in natively with username and password directly in Confluence? If that is the case, you should select a solution that allows you to combine SSO with traditional login. 2-step login is something many organizations use here to automatically route a subset of users to the right login mechanism. https://kantega-sso.com/articles/2steplogin/
If you want to apply stronger authentication like 2-factor auth, there is also a gotcha related to closing traditional Confluence login options (removing weak authentication as an option and login alternative). https://kantega-sso.com/articles/MFA/
Hope this helps you to progress and set up a secure and user-friendly user experience, and get a user access solution that is easy to maintain.
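Added example, not part of the reply above and not any vendor's or Confluence's code: a toy in-memory directory that contrasts just-in-time provisioning with a background user sync, showing why only the sync removes access for a user who was deleted at the IdP and never logs in again. The `Directory` class, attribute names and sample users are assumptions made for illustration, and the directory is assumed to hold only IdP-sourced accounts.

```python
# Added illustration: toy user directory, not Confluence's or any plugin's API.
from dataclasses import dataclass, field


@dataclass
class User:
    email: str
    name: str
    groups: set = field(default_factory=set)
    active: bool = True


class Directory:
    def __init__(self):
        self.users = {}  # username -> User (IdP-sourced accounts only)

    def jit_provision(self, username, attrs):
        """Create or update one user from the attributes of a SAML login."""
        user = self.users.setdefault(username, User(attrs["email"], attrs["name"]))
        user.email, user.name = attrs["email"], attrs["name"]
        user.groups = set(attrs.get("groups", []))  # replace, so removed groups drop off
        user.active = True
        return user

    def sync(self, idp_users):
        """Background sync: apply the IdP's full user list, deactivate the rest."""
        for username, attrs in idp_users.items():
            self.jit_provision(username, attrs)
        stale = [u for u in self.users if u not in idp_users]
        for username in stale:
            self.users[username].active = False
            self.users[username].groups.clear()
        return sorted(stale)


def demo():
    # Constructed sample data.
    alice = {"email": "alice@example.com", "name": "Alice", "groups": ["confluence-users", "admins"]}
    bob = {"email": "bob@example.com", "name": "Bob", "groups": ["confluence-users"]}
    d = Directory()
    d.jit_provision("alice", alice)
    d.jit_provision("bob", bob)
    # Bob is removed at the IdP and Alice loses "admins"; neither logs in again.
    idp_now = {"alice": {**alice, "groups": ["confluence-users"]}}
    before = (d.users["bob"].active, "admins" in d.users["alice"].groups)
    deactivated = d.sync(idp_now)
    after = (d.users["bob"].active, "admins" in d.users["alice"].groups)
    return before, deactivated, after


if __name__ == "__main__":
    print(demo())
```

With JIT alone the local records stay as they were at the last login, so the stale account and the stale admin group persist until a sync (or a manual cleanup) runs.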