You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I'm trying to connect Okta to a self-managed Confluence server via SAML.
I've followed the Okta Guide "How to Configure Confluence On-Premise SAML Application", and when I try to log in to Confluence I am re-directed to Okta SSO, but just-in-time user provisioning isn't working (i.e. it doesn't create the user) and I'm then directed back to the Confluence login screen. I've followed references from Enable user auto-provisioning and sync when SAML enabled e.g. the restricted domains function to no avail.
If I create a user with the same details, Confluence still won't work with Okta to sign that user in.
Does anyone have any ideas / documentation they can point me in the direction of? I've found lots but mostly for Atlassian Cloud which isn't very helpful in my situation. Another problematic piece of this is this site isn't and can't be public facing, so the Okta API which calls the Confluence server for user provisioning won't work here.
GitLab works great with JIT Provisioning and SAML! I'm sure Confluence must do.
Thanks in advance.
As Okta's confluence connector doesn't provide just in time provisioning, the only way to create Okta's API. Additional issues in Okta's integration with confluence is that you have to create new files in Confluence(okta-config-confluence.xml) and change the existing Confluence files(seraph-config.xml) which requires a server restart.
I work for miniOrange and you can try our SSO solution for integrating Confluence Server with Okta: SAML SSO for Confluence. The app supports new user creation by default. It doesn't require any changes in Confluence files and no server restart is required. You can configure it seamlessly in few minutes by uploading Okta's metadata file.
Here's a link to the step by step guide you can use for complete SSO setup: SSO into Confluence using Okta as IDP. If you need any assistance with the setup, we can schedule a quick call with you to get the SSO working.
if you can't use the OKTA API and have to use just in time Provisioning, then you need to look at a 3rd party App like ours.
While we can also use the API from OKTA to synchronize Users, we can also do that via attributes in the SAML message.
Here is our YouTube Tutorial that shows this setup: https://youtu.be/8VP-KF4m30M
As well as our Step-by-Step Guide: https://wiki.resolution.de/doc/saml-sso/latest/all/setup-guides-for-saml-sso/okta/okta-with-just-in-time-provisioning
To my knowledge the okta-jar file you are currently using does not support User creation without API & Atlassian's Data-Center SAML Implementation has no provisioning features at all.
You've certainly got more choice in the marketplace than just our app - this search should give you a comprehensive list: https://marketplace.atlassian.com/search?query=saml
Full disclosure: I work for resolution GmbH, a Top Gold Marketplace Vendor
Does the integration work for pre-existing users?
Make sure that Okta is setup to send user attributes as part of the SAML response. It can be that the users are not created because Atlassian Access does not have the necessary data to construct user records.
When you create a new SAML application in your Okta you find a section called Attribute statements. Have you filled out these fields?
I work for Kantega SSO, one of the marketplace vendors with on-prem SSO apps. Allthough there might be deviations from how to integrate with Atlassian Access, you can use our setup guides (describing Attribute statements) as inspiration: https://docs.kantega.no/display/KA/Okta
Hope you find a solution here.