I am exploring ways to integrate Jira, Confluence etc. with SSO to AzureAD. My idea so far is to use the direct directory integration of Crowd with Azure AD to provision users and groups. SSO auth with Atlassian tools should happen with snap-ins like "Microsoft Azure Active Directory single sign-on for JIRA".
This article seems to point in the same direction:
Has anybody got such a setup already up and running?
So far I fail already in my test setup with the following error message when trying to sync Crowd with AAD:
2019-02-19 09:31:45,005 Caesium-2-4 INFO [microsoft.aad.adal4j.AuthenticationAuthority] [Correlation ID: b28eb4bb-e5f4-4433-bb59-c4881b655d50] Instance discovery was successful
2019-02-19 09:31:46,520 Caesium-2-4 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 1277954 ].
Thanks a lot for your input!
If anybody is interested: Works as expected! You can use all "bells and whistles" of Azure AD authentication as:
Very cool stuff.
Would be nice to see Atlassian having an official documentation on that.
Maybe you can help us out;
Can you give us some pointers and/or share details of your setup? It would be much appreciated!
Ok, thanks for your reply. We were hoping that Crowd would be able to replace any additional SSO plugins, but it seems to be only in addition then. The MS plugins are not available for Bitbucket & Bamboo as far as I know. That would then mean that users need to use Jira or Confluence before going to Bitbucket or Bamboo to have a full SSO experience. We will do some testing with this setup, and I'll let you know how it went.
We did shortly look into that, and loaded a datacenter license. However, the system add-on in Jira and Confluence was reporting to be an incompatible version (which should not have been the case), and could not be set up.
We did install the MS add-on, and though it works, it is not the most beautiful solution out there. What we would like, is to have any user being redirected to the SSO when accessing the Jira/Confluence pages. With the MS Add-on, users still need to click the logon button, or use the direct SSO link. Compared to that the configurability of our current plugin is much nicer, so we will keep using that. With the combination of Crowd and the SAML SSO plugin, we have everything working, but we are still looking at another route, that would not require Crowd.
So what we are now trying to do is set up an SLDAP server within Azure, and connect that as a user directory. This way we avoid the need for Crowd, simply for connecting to Azure. We will post an update when we have tried that.
Thanks for speaking highly about our SAML Single Sign On Plugin.
I am not sure if you have seen this, but in the newer Versions our Plugin supports direct User Synchronisation with Azure AD (and Okta, GSuite).
There may be no need for SLDAP. If you share your exact use case/requirements, I may be able to give you a bit more advice.
If you don't want to share your topology in a public Forum, you can also do this in a support case: https://resolution.de/go/support
Full disclosure: I work for resolution GmbH, a marketplace vendor.