I'm seeking to clarify the recent correspondence I received regarding the change of the SAML authentication over to a paid product. According to the announcement SAML can only be used if you purchase the premium identity offering. The only functionality we use is to authenticate with Microsoft Azure AD so that users don't need to remember another password.
I've just sold Confluence to the business for about 300 users and within a few months being told this feature will almost double the cost of using Confluence (according to website pricing).
We use a number of cloud based systems and single sign-on is a key feature we look for. No other product we use charges for this feature. You could even argue it's simpler because Microsoft handles the login and management of users and passwords.
Is there a way to use SAML without needing to purchase the identity product?
From the time you posted this question to today, Identity Manager has been launched officially and re-branded to Atlassian Access.
We heard the concerns of our customers regarding the pricing for the product during the Early Access Program and we've made solid changes to it, we'd like to ask you and other community members from this question to check again on the URL below and use the calculator from the first URL, the second URL has FAQs regarding the licensing.
As an example of the change, 2000 users would mean a bill of $ 6,000/month, now with the change the bill is $ 3,250/month, the annual licensing carries the discount equal to 2 months as well.
Additionally, administrators that used Jira Service Desk to serve internal users as customers will still be able to offer SSO for these portal-only users (Without product licenses) without cost to the Atlassian Access billing, more information below as well:
We hope that these changes will make the product more fit to your company's requirements!
Atlassian Cloud Support
Jira should have come with the inbuilt SSO provisioning. It is not acceptable to pay an additional fee per user to enable the SSO.
I am a big time advocate to using Jira for all our projects for the flexibility the tool offers. Would greatly appreciate if Atlassian would consider the request and remove the fee for enabling SSO for Jira Cloud or Server.
@Jason Taylor, we're also using authentication through Azure for our Cloud site. I had the same concern as you when Identity Manager was announced in September. We started a subscription for 2,000 users before the Cloud pricing changed in July, so for us the percentage increase is even higher -- Identity Manager actually would cost over 6 times more per year than what we paid for the Confluence licenses.
I contacted Atlassian Support to understand our options, since we've already paid for a year of Cloud licenses upfront but we can't afford to keep using them under Identity Manager. Unfortunately, the answer I got was that we'd either need to purchase Identity manager or to forgo the rest of our Cloud subscription and switch to Server. I was also told that there isn't an exact release date for Identity Manager, but Cloud customers will have 30 days notice before the free SAML is discontinued.
If you use G Suite, you might look into authenticating that way. I was told there will still be no charge for connecting through G Suite after Identity Manager is launched. We use G Suite, but unfortunately can't use that approach because Atlassian wasn't able to provide our security team with written documentation of how PII is managed.
That's really disappointing for you and your company. For me it's quite embarrassing as I fought hard to get Confluence into the business when we're already paying for SharePoint and there are open source wiki alternatives.
We're in the same boat with Confluence pricing as I quickly got in an annual subscription before the licensing was increased. I was basing my calcs on the current web pricing.
That's now twice within a few months that Atlassian have decided to change the pricing with considerable increases. I'm a big fan of cloud based systems but unfortunately you are at the mercy of the vendor because it's not easy to change when you put investment into their platform. I trusted Atlassian wouldn't be that type of company but this shows otherwise.
Thanks for the tip on using G Suite but unfortunately we don't use it.
We were just contemplating rolling out Confluence Cloud to the whole company of about 150 users and now I discover that it'll cost $6000 a year just to let them login with their Azure AD account.
Seriously reconsidering now when you're charging such a ridiculous amount for something that every cloud system vendor I've come across provides this at no extra cost.
We are in the same boat. Having to pay this additional (and extremely expensive) fee makes the use of these Cloud tools somewhat uneconomical and so I expect we'll need to carefully consider what happens going forward.
Sure, they offer elevated 1 hour support but the chances of actually making use of this in the Cloud are somewhat diminished given that the type of issues you see in the Cloud don't often need such a elevated response time.
I'm proposing to a client to use Confluence Cloud over other solutions but now it seems I will have to recommending Confluence Server instead or possibly something else, even with the overhead of managing the server and upgrades.
Few years ago a SSO solution was valuable as a stand alone solution, now it is just expected when you buy any SAAS solution that it can integrate to other auth providers. It is not a requirement to have true single sign on, but it is standard to provide the authentication integration.
Remember many years ago when Confluence Server had a really bad integration with AD? I remember, and I also remember when they integrated parts of Crowd to Confluence Server to make that experience better. No extra charge, just user experience and user happiness was increased.
Now imagine if Confluence Cloud did not exist and only Confluence Server and that Atlassian would be ripping the AD connector out and recommend that people just fork out more money that would double their licensing cost.
Federated Authentication is not an optional extra for SAAS solution, it is a core feature. It is one of the first thing you program when creating a SAAS solution.
I agree this is very disappointing.
While SSO is typically a requirement for all products we deploy, Atlassian isn't used by all employees so I would simply have to switch to password based authentication.
Unfortunately for Atlassian, this will make the experience less delightful for users.
This can only discourage uptake of Atlassian cloud products.
I would suggest selling commercial support for assisting users with SAML setup or for any troubleshooting rather than for the core SAML product; and unfortunately will be turning SSO off if we have to start paying for it.
My company was just in the process of testing JIRA Cloud and this was one of the first issues i have run into. We also use Azure AD and I use this for plenty of other services, free of charge. There is no reason this should be a paid feature and if we really want to move to the cloud this would be a necessary component.
@Lars Olav Velle - most likely this refers to Introducing Identity Manager for Atlassian Cloud products:
Atlassian Cloud customers have received an email "Updates to password policies & Atlassian Cloud administration", advising them now being part of the early access program and thus able to continue Identity Manager's "Enhanced authentication for Atlassian Cloud products" at no charge, whereas "once generally available, you'll be charged for the unique number of users within your organization" (which comes at a premium of $3 user/month).
In other words, Atlassian will indeed charge separately for security features that most other SaaS providers offer as a core part of their product, and have apparently also decided to take away the formerly free password policies to increase the value add of this new offering.
Being an Atlassian Cloud customer myself, I've admittedly been offended by this approach, because the communication seemingly tries to mask the fact that these "Updates to password policies" imply a considerable price hike for current users of this feature.
Besides, I personally think security should never be a feature one has to pay for in the first place (esp. on a multi tenant SaaS platform) and am saddened to see that Atlassian is missing out on the opportunity to lead by example and put the security of their customers first on principle.
Agree with your point on security is not something you should pay extra for. I would even argue that using Azure AD is less work for Atlassian because all user registration, password resets and logins are handled by Microsoft and Atlassian only need to validate the token and what the user is authorised to do.
We've received an email from Atlassian product advocate in regards to Atlassian Access
Billing and Licensing specialists, and the Atlassian Access team about the situation with your organization account and subscription. Your evaluation of Atlassian Access ended on August 15th, 2018, but there is a grace period of 14 days after your evaluation expires, where SAML SSO with Okta will still function.
We are trying to get a clarification from Atlassian on Access product if this is an Identity Provider type of product and if we are required to pay for the license if we use Atlassian JIRA product as an application. Atlassian JIRA is a Service Provider (SP) in SAML flows with Okta (IDP), which is the Identity Provider in the authentication flows with Atlassian JIRA.
Could Atlassian Access team comment on this?
What about using this Microsoft Plugin: https://docs.microsoft.com/de-de/azure/active-directory/saas-apps/confluencemicrosoft-tutorial
I currently can't try it as I think you need Azure AD P1 license for that.
Thanks everyone for answering last week’s question. The winner of the random drawing from those who commented is: @LarryBrock I’ll contact you separately with your prize details. This wee...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events