Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,458,064
Community Members
 
Community Events
176
Community Groups

Crowd / Azure AD MFA Plugin

Hello,

We're currently using Crowd as SSO between Jira and Confluence connected to Azure Active Directory, which syncs all users, groups etc which is working well, however Crowd doesn't support Azure MFA and so if a user has MFA enabled, this stops them from being able to login at all to Jira and Confluence.

This is a known limitation (https://jira.atlassian.com/browse/CWD-5322).

Therefore, are there any third-party plugins that support Azure MFA? From what I can see there are none as yet in the Marketplace.

Thanks

2 answers

0 votes

Hi @Ariel Perez ,

 

In Crowd SSO, all the user authentication will be done on the backend, in this case, Azure does not have an optional prompt for the MFA authentication.

There are multiple add-ons in the marketplace which you can use to connect JIRA and Confluence to Azure AD for SSO and on top of that, you can enable Azure AD MFA as well.

I work for the miniOrange one of the top SSO vendors in the Atlassian Marketplace and we have a plugin that you are looking for.

Here, you will need to install three plugins.

  1. Crowd SAML SSO Plugin:- Will be used to connect Crowd and its connector application with Azure AD for SAML SSO
  2. JIRA Crowd connector app:- Crowd SSO Connector app for JIRA
  3. Confluence Crowd connector app:- Crowd SSO Connector app for Confluence

Using the SSO connector, any user accessing that application gets redirected to Azure AD for SSO.

In this case, all the SAML SSO requests and responses to and from Azure AD will go through the Crowd server. The user authentication and MFA will be done by the Azure AD and Crowd can be still be used to manage user and their permissions for JIRA and Confluence.

Also, you don't need to changes any structure or configuration of your existing Crowd SSO setup, All the additional configuration you can do from the plugin's UI.

You also can reach out from our customer portal for more details.

Thanks,
Lokesh

Hi @Ariel Perez ,

our Plugins fully support authentication via SAML to Azure AD including the use of MFA. It's actually quite a common use case.

In your scenario you have to ways to configure our plugin:

1. Leave Crowd as the directory for your Atlassian Application.

In this scenario, you leave Crowd in place to synchronize the Users with Azure AD into the Atlassian Applications. Our plugin then only does the authentication part towards AzureAD. In both your Confluence & Jira, you disable the Crowd authenticator, install & configure out plugin.

When a user is not logged into the Atlassian Application yet, he gets redirected to Azure AD - if he is authenticated there already then he gets redirected straight back. If not Azure AD prompts for the password & MFA if configured so.

This is a good solution if you still manage many groups locally in Crowd across all Applications.

Here are some of the documentation links for this kind of setup: https://wiki.resolution.de/doc/saml-sso/latest/all/setup-guides-for-saml-sso/azure-ad/azure-ad-with-manual-provisioning

 

2. Use our Plugin to Authenticate & Synchronize Users from Azure AD.

Our Plugin has the functionality to not just authenticate Users but also to synchronize them into the Atlassian Application via the Azure AD API.

Effectively eliminating the need for Crowd in this particular instance.

This is a good solution if your Azure AD is the source of truth for both Users & Groups so that there is no (or very little) local group management that needs to be available in both Confluence & Jira.

Here are some of the documentation links for this kind of setup: https://wiki.resolution.de/doc/saml-sso/latest/all/setup-guides-for-saml-sso/azure-ad/azure-ad-with-user-sync

Cheers,
   Chris

P.S. Full disclosure, I work for resolution, a marketplace vendor.

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events