SAML now a paid feature

I'm seeking to clarify the recent correspondence I received regarding the change of the SAML authentication over to a paid product. According to the announcement SAML can only be used if you purchase the premium identity offering. The only functionality we use is to authenticate with Microsoft Azure AD so that users don't need to remember another password.

I've just sold Confluence to the business for about 300 users and within a few months being told this feature will almost double the cost of using Confluence (according to website pricing).

We use a number of cloud based systems and single sign-on is a key feature we look for. No other product we use charges for this feature. You could even argue it's simpler because Microsoft handles the login and management of users and passwords.

Is there a way to use SAML without needing to purchase the identity product?

6 answers

1 accepted

3 votes
Accepted answer
Susan Ostreicher Community Champion Nov 10, 2017

@Jason Taylor, we're also using authentication through Azure for our Cloud site.  I had the same concern as you when Identity Manager was announced in September.  We started a subscription for 2,000 users before the Cloud pricing changed in July, so for us the percentage increase is even higher -- Identity Manager actually would cost over 6 times more per year than what we paid for the Confluence licenses.  

I contacted Atlassian Support to understand our options, since we've already paid for a year of Cloud licenses upfront but we can't afford to keep using them under Identity Manager.  Unfortunately, the answer I got was that we'd either need to purchase Identity manager or to forgo the rest of our Cloud subscription and switch to Server.  I was also told that there isn't an exact release date for Identity Manager, but Cloud customers will have 30 days notice before the free SAML is discontinued.  

If you use G Suite, you might look into authenticating that way.  I was told there will still be no charge for connecting through G Suite after Identity Manager is launched.  We use G Suite, but unfortunately can't use that approach because Atlassian wasn't able to provide our security team with written documentation of how PII is managed.  

That's really disappointing for you and your company. For me it's quite embarrassing as I fought hard to get Confluence into the business when we're already paying for SharePoint and there are open source wiki alternatives.

We're in the same boat with Confluence pricing as I quickly got in an annual subscription before the licensing was increased. I was basing my calcs on the current web pricing.

That's now twice within a few months that Atlassian have decided to change the pricing with considerable increases. I'm a big fan of cloud based systems but unfortunately you are at the mercy of the vendor because it's not easy to change when you put investment into their platform. I trusted Atlassian wouldn't be that type of company but this shows otherwise.

Thanks for the tip on using G Suite but unfortunately we don't use it.

Hi @Susan Ostreicher,

Your feedback was heard, please take a look at my answer to this question and leave your thoughts!

Thank you,

Rodrigo Becker
Atlassian Cloud Support

Susan Ostreicher Community Champion Sep 12, 2018

Thanks, @Rodrigo Becker.  We actually completed our migration to Server before these changes were made to the pricing model, but that's good to know.

4 votes

Hi Jason,

From the time you posted this question to today, Identity Manager has been launched officially and re-branded to Atlassian Access.

We heard the concerns of our customers regarding the pricing for the product during the Early Access Program and we've made solid changes to it, we'd like to ask you and other community members from this question to check again on the URL below and use the calculator from the first URL, the second URL has FAQs regarding the licensing.

As an example of the change, 2000 users would mean a bill of $ 6,000/month, now with the change the bill is $ 3,250/month, the annual licensing carries the discount equal to 2 months as well.

Additionally, administrators that used Jira Service Desk to serve internal users as customers will still be able to offer SSO for these portal-only users (Without product licenses) without cost to the Atlassian Access billing, more information below as well:

We hope that these changes will make the product more fit to your company's requirements!

Rodrigo Becker
Atlassian Cloud Support

Hello Jason,

What announcement are you referring to?

@Lars Olav Velle - most likely this refers to Introducing Identity Manager for Atlassian Cloud products:

Atlassian Cloud customers have received an email "Updates to password policies & Atlassian Cloud administration", advising them now being part of the early access program and thus able to continue Identity Manager's "Enhanced authentication for Atlassian Cloud products" at no charge, whereas "once generally available, you'll be charged for the unique number of users within your organization" (which comes at a premium of $3 user/month).

In other words, Atlassian will indeed charge separately for security features that most other SaaS providers offer as a core part of their product, and have apparently also decided to take away the formerly free password policies to increase the value add of this new offering.

Being an Atlassian Cloud customer myself, I've admittedly been offended by this approach, because the communication seemingly tries to mask the fact that these "Updates to password policies" imply a considerable price hike for current users of this feature.

Besides, I personally think security should never be a feature one has to pay for in the first place (esp. on a multi tenant SaaS platform) and am saddened to see that Atlassian is missing out on the opportunity to lead by example and put the security of their customers first on principle.

Correct, this is the announcement.

Agree with your point on security is not something you should pay extra for. I would even argue that using Azure AD is less work for Atlassian because all user registration, password resets and logins are handled by Microsoft and Atlassian only need to validate the token and what the user is authorised to do.

I agree this is very disappointing.

While SSO is typically a requirement for all products we deploy, Atlassian isn't used by all employees so I would simply have to switch to password based authentication.

Unfortunately for Atlassian, this will make the experience less delightful for users.

This can only discourage uptake of Atlassian cloud products.

I would suggest selling commercial support for assisting users with SAML setup or for any troubleshooting rather than for the core SAML product; and unfortunately will be turning SSO off if we have to start paying for it.

We are also planning to turn off the SAML feature and I know this will frustrate our users. Recently we invested in an enterprise password management system and will be using this to make the transition to a unique password easier for our users.

My company was just in the process of testing JIRA Cloud and this was one of the first issues i have run into. We also use Azure AD and I use this for plenty of other services, free of charge. There is no reason this should be a paid feature and if we really want to move to the cloud this would be a necessary component. 

We've received an email from Atlassian product advocate in regards to Atlassian Access

Billing and Licensing specialists, and the Atlassian Access team about the situation with your organization account and subscription. Your evaluation of Atlassian Access ended on August 15th, 2018, but there is a grace period of 14 days after your evaluation expires, where SAML SSO with Okta will still function.

We are trying to get a clarification from Atlassian on Access product if this is an Identity Provider type of product and if we are required to pay for the license if we use Atlassian JIRA product as an application. Atlassian JIRA is a Service Provider (SP) in SAML flows with Okta (IDP), which is the Identity Provider in the authentication flows with Atlassian JIRA. 

Could Atlassian Access team comment on this?

Thanks,

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Oct 24, 2018 in Confluence

Atlassian Research opportunity with Confluence templates

Do you use templates with Confluence? Take part in a remote 1-hr workshop. You'll receive USD $100 for your time!   We're looking for people to participate in a   remote 1-hr workshop...

1,147 views 20 14
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you