Can we transition our Atlassian instance to use Okta for authentication while allowing external collaborators without Okta accounts to access it?
We plan to move our Atlassian instance to Okta for authentication to manage access for internal users. However, our organization collaborates with external users from other business units who do not have accounts in our Okta instance. We want to ensure these external users can still be added to our Atlassian platform without compromising security. I'm assuming that this is indeed possible because of the Guest user functionality in confluence, but I want confirmation on this.
What configurations or solutions would you recommend supporting a mixed user base while maintaining secure access management?
Hi Ryan and Kristian,
Yes it is possible, BUT, in order to fully utilize Okta for single sign-on (SSO) on your Atlassian Cloud site, you will need to purchase/subscribe to Atlassian Guard - as it enables the necessary integrations with Okta for user provisioning and security features like SAML authentication; essentially, Guard acts as the bridge between your Okta identity provider and your Atlassian Cloud products. Here is link to an overview page on using the 2 products together. Here is a link to the article that describes how to configure user provisioning with Okta. This would be a great place to start, as you can see all of the steps necessary, before committing to the product.
During the install/configuration of Atlassian Guard, there is a step in which you can configure what are called Authentication Policies. This is a great page, as it gives examples of different types of users (like the external, non-Okta users, you mentioned).
If you have a network admin in your organization, the above articles would be recommended for them, to see if it would work for your team. Please let me know if you have any additional questions.
Hi @Ryan Rhodes and welcome to the Community.
We're using Okta and have external users (proper users, not 'just' guests) who do not have Okta 'accounts'.
As to how this is set up, I can't tell, that's literally not my department, but that mixed approach is possible.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.