Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Self-managed confluence server and Okta SSO


I'm trying to connect Okta to a self-managed Confluence server via SAML. 

I've followed the Okta Guide "How to Configure Confluence On-Premise SAML Application", and when I try to log in to Confluence I am re-directed to Okta SSO, but just-in-time user provisioning isn't working (i.e. it doesn't create the user) and I'm then directed back to the Confluence login screen. I've followed references from Enable user auto-provisioning and sync when SAML enabled e.g. the restricted domains function to no avail.

If I create a user with the same details, Confluence still won't work with Okta to sign that user in.

Does anyone have any ideas / documentation they can point me in the direction of? I've found lots but mostly for Atlassian Cloud which isn't very helpful in my situation. Another problematic piece of this is this site isn't and can't be public facing, so the Okta API which calls the Confluence server for user provisioning won't work here.

GitLab works great with JIT Provisioning and SAML! I'm sure Confluence must do. 

Thanks in advance.

3 answers

Suggest an answer

Log in or Sign up to answer
0 votes
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Apr 17, 2019

Hi Ben,

As Okta's confluence connector doesn't provide just in time provisioning, the only way to create Okta's API. Additional issues in Okta's integration with confluence is that you have to create new files in Confluence(okta-config-confluence.xml) and change the existing Confluence files(seraph-config.xml) which requires a server restart.

I work for miniOrange and you can try our SSO solution for integrating Confluence Server with Okta: SAML SSO for Confluence. The app supports new user creation by default. It doesn't require any changes in Confluence files and no server restart is required. You can configure it seamlessly in few minutes by uploading Okta's metadata file.

Here's a link to the step by step guide you can use for complete SSO setup: SSO into Confluence using Okta as IDP. If you need any assistance with the setup, we can schedule a quick call with you to get the SSO working.

Ankit Ahuja

0 votes
Christian Reichert _resolution_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Apr 16, 2019

Hi Ben,

if you can't use the OKTA API and have to use just in time Provisioning, then you need to look at a 3rd party App like ours.

While we can also use the API from OKTA to synchronize Users, we can also do that via attributes in the SAML message.

Here is our YouTube Tutorial that shows this setup:

As well as our Step-by-Step Guide:

To my knowledge the okta-jar file you are currently using does not support User creation without API & Atlassian's Data-Center SAML Implementation has no provisioning features at all.

You've certainly got more choice in the marketplace than just our app - this search should give you a comprehensive list:


Full disclosure: I work for resolution GmbH, a Top Gold Marketplace Vendor

0 votes
Jon Espen Ingvaldsen Kantega SSO
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Apr 16, 2019

Does the integration work for pre-existing users?

Make sure that Okta is setup to send user attributes as part of the SAML response. It can be that the users are not created because Atlassian Access does not have the necessary data to construct user records.

When you create a new SAML application in your Okta you find a section called Attribute statements. Have you filled out these fields?

I work for Kantega SSO, one of the marketplace vendors with on-prem SSO apps. Allthough there might be deviations from how to integrate with Atlassian Access, you can use our setup guides (describing Attribute statements) as inspiration:

Hope you find a solution here.
Jon Espen
Kantega SSO

AUG Leaders

Atlassian Community Events