Configure SAML 2.0 for Jira Align using Okta

Okta is a popular SAML 2.0 service. The following is an example of how we have tested and configured Okta with Jira Align. Please review the following example and adjust as needed for your organization's security policies and practices. 

 

Okta

1. Sign in to Okta and click Applications in the top menu.

2. Click the Create New App button on the far right. This will be a SAML 2.0 Web Application.

3. App Name: Name the application something relevant to your organization. This name is only for identification and does not affect the SAML 2.0 setup. In the example, we have named it Jira Align.

4. Click Next.

5. Fill out the Single Sign On URL and Audience URI (SP Entity ID) with your Jira Align URL.

Example: https://instance.agilecraft.com or https://instance.jiraalign.com

6. Name ID Format will be either EmailAddress or ExternalID.

7. Click Next and Finish.

8. In the new application, click Sign On and View Setup Instructions.

9. Copy the metadata from the section "Provide the following IDP metadata to your SP provider" into a text editor for later.

10. Make a note of the Identity Provider Single Sign-On URL for later.

11. Click on Assignments > Assign and Assign People and/or Groups as needed. You will need at least one person assigned to test.

For additional information, please consult Okta's integration documentation.

 

Jira Align

12. Sign in to Jira Align and click Administration > Platform > Security.

13. Click Add SAML Provider. 

14. Paste in the SAML 2.0 Metadata from Okta (Step 9 from earlier).

15. NameID Lookup By will be set to match Okta (Step 6 from earlier).

16. Click Save & Close.

17. Set Enable SSO to Yes.

18. Click Save Settings.

 

Testing

19. Open up an incognito window in your browser and navigate to the Identity Provider Single Sign-On URL from Okta (Step 10 from earlier). 

 

Additional Notes

  • The user account you are testing from Okta SAML 2.0 must also be configured on the Jira Align side.
  • User accounts on the Jira Align side can be created using the following methods:
    • API 1.0
    • Excel Import
    • Manually created
    • Users automatically integrated from Jira (the user must be assigned to an integrated issue)

 

Disable Manual Sign In

  • Once you are confident that there are no known issues with SSO, you can go back to Platform Settings from earlier and set Disable Manual Sign In to Yes. 

You'll need to open a ticket with Jira Align to regain access if you get locked out while Disable Manual Sign In is turned on. 

  • After you have set Disable Manual Sign In, you'll be able to fill out the following field:
    • Sign In URL (use the URL from step 10)

If for some reason your Sign In or Sign Out URL contains encoded characters (Example: %20 for space), you'll need to replace them with the non-encoded equivalent.
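
An added example, not part of the original article and not Atlassian or Okta tooling: a Python check to run on the metadata copied in step 9 before it is pasted into Jira Align in step 14. It reports the entityID, the Single Sign-On URL (flagging the percent-encoded characters mentioned above), and a SHA-256 fingerprint of the signing certificate so the pasted copy can be compared against the original. The function name and the sample metadata are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: entityID, URL and certificate bytes are placeholders, not real Okta values.
SAMPLE_CERT_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.example/exk-placeholder">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                            Location="https://idp.example/app/jira%20align/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def review_idp_metadata(xml_text):
    """Return the values to check before pasting the metadata, plus findings."""
    # Refuse DTDs outright: SAML metadata never needs one, and entity expansion is a parser risk.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(xml_text)
    sso = root.find("md:IDPSSODescriptor/md:SingleSignOnService", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    if sso is None or cert is None:
        raise ValueError("SingleSignOnService or X509Certificate element missing")
    url = sso.get("Location", "")
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("SSO URL is not https")
    if unquote(url) != url:
        findings.append("SSO URL contains percent-encoded characters")
    der = base64.b64decode("".join((cert.text or "").split()))
    return {
        "entity_id": root.get("entityID"),
        "sso_url": url,
        "sso_url_decoded": unquote(url),
        "cert_sha256": hashlib.sha256(der).hexdigest(),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in review_idp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```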

1 comment

Maxfield B March 31, 2022

Important: When bringing over metadata XML from Okta, you will need to manually remove XML prefixes from each element, for example "md:" and "ds:".
