Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

OKTA and Confluence

Is anyone using OKTA with Confluence for SSO? Are there any gotchas?  If you have a link to share, that would be great!~

 

Thanks

2 answers

Hi Ernie,

 

You can checkout our app SAML SSO for Confluence which supports Okta as IDP. You can try the app for free on the link below:

https://marketplace.atlassian.com/apps/1215542/single-sign-on-sso-confluence-saml?hosting=server&tab=overview

Here's a step by step guide to set it up with Okta. This generally takes 2-4 minutes.

https://plugins.miniorange.com/saml-single-sign-sso-confluence-using-okta/

If you need any assistance in setting this up, you can reach out to atlassiansupport@xecurify.com and they'll set up a screen share with you to get your set up up and running.

 

Thanks,

Ankit Ahuja

 

P.S: Full Disclosure, I work with miniOrange, one of the top SSO vendors on Atlassian marketplace.

Very cool, thanks so much. We are using the Confluence Internal Directory, is there anything we need to be vigilant about? Eventually, we would like to use AD. Thanks for you're willingness to assist.

Hi @Ankit Ahuja , do you know  is it possible to manually login and have SSO?

Yes, you can have a simple login button and SSO button beside it. Apart from this, you can enable Manual Login or SSO based on email domain. So you can configure SSO for your AD users only. Here, users will be asked to enter email address/username first and based on the email domain, they'll be either shown a manual login page or redirected to Okta.

 

Regarding AD consideration, it is compatible with AD. Your users will be logged in with their AD synced account after SSO. 

Hi @Ernie Jennings 

Setting up Okta as an identity provider to confluence is quite straight forward and can be done using both the SAML and OpenID Connect standards. For Confluence server you need one of the marketplace SSO app to achieve this. 

There are, however, some gotchas related to how to provision users and give Confluence knowledge about Okta user accounts and their permissions. You can create and maintain user records manually, but there are also more automated ways of keeping confluence user directories up to date. Just-in-time provisioning makes use of SAML user attributes (name, email and group memberships) to update confluence on-the-fly each time a user logs in. User sync or cloud user provisioning is a third alternative, where a background process takes care of updating Confluence with user data from Okta. The advantage of the latter approach is that it can also remove and deactivate users that no longer should have access. https://kantega-sso.com/articles/provisioning/

Should all users in your organization access Confluence through Okta, or will you also have other users (like internship students, external consultants and admins) that will need to login natively with username and password directly in confluence? If that is the case, you should select a solution that allow you to combine SSO with traditional login. 2-step login is something many organizations use here to automatically route a subset of users to the right login mechanism. https://kantega-sso.com/articles/2steplogin/

If you want to apply stronger authentication like 2 factor auth, there are also a gotcha related to closing traditional confluence login options (removing weak authentication as an option and login alternative). https://kantega-sso.com/articles/MFA/

Hope this help you to progress and setup a secure and user friendly user experience, and get a user access solution that is easy to maintain.


Regards,
Jon Espen 
Kantega SSO

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

429 views 23 9
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you