Can Crowd be used to SSO Customers (domains not owned by us) into Service Desk from our SaaS App?

We are trying to implement Service Desk but we have hit a brick wall in that we cannot figure out how we can SSO our customers into Service Desk. 

Our Use Case:

1. We are a SaaS web application

2. Our users are employees of businesses who have purchased our application

3. Our users already have accounts logging them into our web application

4. We want to offer service desk as our "contact support" tool

5. We do not want our customers to have to login again to service desk after they have already logged into our application (we already know who they are)

Ideal Workflow:

1. User logs into our application

2. User clicks on "Contact Support" link

3. Service Desk opens allowing them to submit a support request

We originally thought we could use SAML for this but it appears that Atlassian requires that we own the domains of the email addresses of all users signing into Service Desk. We do not own these domains since they are owned by our customers. It would not be scalable for us to work with every customer's IT department to try to get certificates for each of their domains so that we can do SAML. Thus, I'm researching alternatives.

Can Crowd be used to SSO from our application into Service Desk without us having to own the domains of the email addresses being used by our customers?

Thanks in advance!

3 answers

1 accepted

1 votes
Bruno Vincent Community Champion Dec 06, 2017

Hi @Audra Webster,

Yes, Crowd would be fine for this but as @Christian Reichert stated you would need Jira Server or Data Center edition, not Cloud.

@Bruno Vincent - however crowd doesn't support SAML and the Way I understand her Question is that they have the Users already on their own SaaS application, which acts as an Idp. So unless I misunderstand her, I don't think Crowd is a good solution here.

Bruno Vincent Community Champion Dec 06, 2017

@Christian Reichert, Crowd would be just fine. No need for SAML here. The workflow would be:

1. User logs into the Saas application

2. Saas application asks the Crowd server for a Crowd SSO token for the user: https://docs.atlassian.com/atlassian-crowd/3.1.1/REST/#usermanagement/1/session

3. Saas application sets the Crowd SSO token in a cookie

4. User clicks on "Contact support" link, Crowd SSO token is sent and SSO magic occurs.

The only requirement is that the Saas application and Jira are on the same domain (e.g. saasapp.whateverdomain.com and jira.whateverdomain.com)

@Bruno Vincent - Fair point.

@Audra Webster So if you are going for Server, you should have two possible routes now.

One via Crowd (you need to add some REST calls to your Application, to create/update Users & the SSO Token) or one via SAML where you can do authentication & just in time provisioning of Users during login.

Pricing wise there shouldn't be much of a difference between either, so it's probably more of a Question of what is easier for your team to implement.

But all on Server/datacenter, not on Cloud.

Hi Audra,

you never explicitly mentioned if you are using Jira Cloud or Jira Datacenter (probably not Server due to you referring to Atlassian SAML). Both support SAML out of the Box.

At least for Server & Datacenter there are App available on the Marketplace, like ours - which don't have the "Domain" requirement.

So if SSO is essential to you (and I don't know of a Way to achieve what you need on cloud) you may want to consider Jira Server/Datacenter. There are also hosting companies around, which at least take the hassle away of you running your own Jira. Not the exact same as Jira Cloud, I appreciate that but maybe a "good enough" solution to your requirement.


Cheers,
Christian

Thanks, @Christian Reichert and @Bruno Vincent

This was hugely helpful!

We initially were going to go with the Cloud version of Jira/ServiceDesk, but we are open to switching to the on-prem version if needed in order to get SSO working.

Suggest an answer

Log in or Join to answer
Community showcase
Teodora [Botron]
Published Thursday in Marketplace Apps

Jira Inferno: The Nine Circles of Jira Administration Hell

If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...

239 views 0 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot