You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We are trying to implement Service Desk but we have hit a brick wall in that we cannot figure out how we can SSO our customers into Service Desk.
Our Use Case:
1. We are a SaaS web application
2. Our users are employees of businesses who have purchased our application
3. Our users already have accounts logging them into our web application
4. We want to offer service desk as our "contact support" tool
5. We do not want our customers to have to login again to service desk after they have already logged into our application (we already know who they are)
1. User logs into our application
2. User clicks on "Contact Support" link
3. Service Desk opens allowing them to submit a support request
We originally thought we could use SAML for this but it appears that Atlassian requires that we own the domains of the email addresses of all users signing into Service Desk. We do not own these domains since they are owned by our customers. It would not be scalable for us to work with every customer's IT department to try to get certificates for each of their domains so that we can do SAML. Thus, I'm researching alternatives.
Can Crowd be used to SSO from our application into Service Desk without us having to own the domains of the email addresses being used by our customers?
Thanks in advance!
@Bruno Vincent - however crowd doesn't support SAML and the Way I understand her Question is that they have the Users already on their own SaaS application, which acts as an Idp. So unless I misunderstand her, I don't think Crowd is a good solution here.
@Christian Reichert (resolution), Crowd would be just fine. No need for SAML here. The workflow would be:
1. User logs into the Saas application
2. Saas application asks the Crowd server for a Crowd SSO token for the user: https://docs.atlassian.com/atlassian-crowd/3.1.1/REST/#usermanagement/1/session
3. Saas application sets the Crowd SSO token in a cookie
4. User clicks on "Contact support" link, Crowd SSO token is sent and SSO magic occurs.
The only requirement is that the Saas application and Jira are on the same domain (e.g. saasapp.whateverdomain.com and jira.whateverdomain.com)
@Bruno Vincent - Fair point.
@Audra Webster So if you are going for Server, you should have two possible routes now.
One via Crowd (you need to add some REST calls to your Application, to create/update Users & the SSO Token) or one via SAML where you can do authentication & just in time provisioning of Users during login.
Pricing wise there shouldn't be much of a difference between either, so it's probably more of a Question of what is easier for your team to implement.
But all on Server/datacenter, not on Cloud.
you never explicitly mentioned if you are using Jira Cloud or Jira Datacenter (probably not Server due to you referring to Atlassian SAML). Both support SAML out of the Box.
At least for Server & Datacenter there are App available on the Marketplace, like ours - which don't have the "Domain" requirement.
So if SSO is essential to you (and I don't know of a Way to achieve what you need on cloud) you may want to consider Jira Server/Datacenter. There are also hosting companies around, which at least take the hassle away of you running your own Jira. Not the exact same as Jira Cloud, I appreciate that but maybe a "good enough" solution to your requirement.