Self-managed Confluence server and Okta SSO

Hello,

I'm trying to connect Okta to a self-managed Confluence server via SAML. 

I've followed the Okta Guide "How to Configure Confluence On-Premise SAML Application", and when I try to log in to Confluence I am redirected to Okta SSO, but just-in-time user provisioning isn't working (i.e. it doesn't create the user) and I'm then directed back to the Confluence login screen. I've followed references from "Enable user auto-provisioning and sync when SAML enabled", e.g. the restricted domains function, to no avail.

If I create a user with the same details, Confluence still won't work with Okta to sign that user in.

Does anyone have any ideas / documentation they can point me in the direction of? I've found lots but mostly for Atlassian Cloud which isn't very helpful in my situation. Another problematic piece of this is this site isn't and can't be public facing, so the Okta API which calls the Confluence server for user provisioning won't work here.

GitLab works great with JIT Provisioning and SAML! I'm sure Confluence must do. 

Thanks in advance.

3 answers

Does the integration work for pre-existing users?

Make sure that Okta is set up to send user attributes as part of the SAML response. It can be that the users are not created because Atlassian Access does not have the necessary data to construct user records.

When you create a new SAML application in your Okta you find a section called Attribute statements. Have you filled out these fields?

I work for Kantega SSO, one of the marketplace vendors with on-prem SSO apps. Although there might be deviations from how to integrate with Atlassian Access, you can use our setup guides (describing Attribute statements) as inspiration: https://docs.kantega.no/display/KA/Okta


Hope you find a solution here.
Jon Espen
Kantega SSO
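
Added example (not part of the thread and not any vendor's code): a small Python check for the point made in the answer above, that the SAML response has to carry the user attributes. It takes the base64 `SAMLResponse` form value as captured from the browser's POST back to Confluence and reports which attributes are absent or empty. The function name `jit_readiness` and the attribute names `email`, `firstName` and `lastName` are assumptions; use the names your SSO app is configured to map.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Assumed attribute names; replace with the ones your SSO app is configured to map.
REQUIRED = ("email", "firstName", "lastName")

def jit_readiness(saml_response_b64, required=REQUIRED):
    """Inspect a base64 SAMLResponse for the data needed to build a user record.

    Diagnostic only: it does not verify the signature, so never use it to
    decide whether to trust a response.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return {
        "name_id": root.findtext(".//saml:Subject/saml:NameID", namespaces=NS),
        # An encrypted assertion hides the attributes from this kind of inspection.
        "encrypted": root.find(".//saml:EncryptedAssertion", NS) is not None,
        "attributes": attrs,
        "missing": [name for name in required if not attrs.get(name)],
    }

# Constructed sample response (not captured from a real IdP): lastName is sent empty.
SAMPLE = base64.b64encode(b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>ben@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>ben@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="firstName">
        <saml:AttributeValue>Ben</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="lastName"><saml:AttributeValue/></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>""").decode()

if __name__ == "__main__":
    print(jit_readiness(SAMPLE))
```

A non-empty `missing` list, or `encrypted` set to true with no attributes visible, points at the Attribute statements section of the Okta application rather than at Confluence.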


Hi Ben,

if you can't use the OKTA API and have to use just in time Provisioning, then you need to look at a 3rd party App like ours.

While we can also use the API from OKTA to synchronize Users, we can also do that via attributes in the SAML message.

Here is our YouTube Tutorial that shows this setup: https://youtu.be/8VP-KF4m30M

As well as our Step-by-Step Guide: https://wiki.resolution.de/doc/saml-sso/latest/all/setup-guides-for-saml-sso/okta/okta-with-just-in-time-provisioning

To my knowledge the okta-jar file you are currently using does not support User creation without API & Atlassian's Data-Center SAML Implementation has no provisioning features at all.

You've certainly got more choice in the marketplace than just our app - this search should give you a comprehensive list: https://marketplace.atlassian.com/search?query=saml

Cheers,
Christian

Full disclosure: I work for resolution GmbH, a Top Gold Marketplace Vendor

Hi Ben,


As Okta's Confluence connector doesn't provide just in time provisioning, the only way to create Okta's API. An additional issue in Okta's integration with Confluence is that you have to create new files in Confluence (okta-config-confluence.xml) and change the existing Confluence files (seraph-config.xml), which requires a server restart.


I work for miniOrange and you can try our SSO solution for integrating Confluence Server with Okta: SAML SSO for Confluence. The app supports new user creation by default. It doesn't require any changes in Confluence files and no server restart is required. You can configure it seamlessly in a few minutes by uploading Okta's metadata file.


Here's a link to the step by step guide you can use for complete SSO setup: SSO into Confluence using Okta as IDP. If you need any assistance with the setup, we can schedule a quick call with you to get the SSO working.

Thanks,
Ankit Ahuja
