Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Ping One SAML 2.0 Setup for Jira Align

Ping One is a popular SAML 2.0 service. The following is an example of how we have tested and configured Azure with Jira Align. Please review the following example and adjust as needed for your organization's security policies and practices. 

 

Ping One

1.) Sign into Ping One and click on Applications > My Applications > SAML > Add Application > New SAML Application.

1b.png

2.) Enter the Application Name. (Example: Jira Align) Click Continue to Next Step.

2b.png

 

3.) For the Signing Certificate: Use the PingOne Signing Certificate or use your ownMake sure SAML v2.0 is selected for Protocol Version. The ACS and Entity ID will be the Jira Align site (https://<instance>.jiraalign.com). 

3b.png

It should be noted that Jira Align requires BOTH Signed Assertion and Signed Response for SAML 2.0 Providers. If you are only able to sign one of the two, then you will need to select Signed Response and open a Jira Align Support Ticket to have the assertion response requirement set to False.

See Section C at the end of this article to see the Require Signed Saml Assertion field in Jira Align.

 

4.) Ensure Sign Response and RSA_SHA256 as the Signing Algorithm are selected. Click Continue to Next Step(see image from Step 3).

5.) Create a SSO Attribute of Email / Email and make it required. Continue to Next Step.

1.png

6.) Copy the Single Sign-On URL and download the SAML Metadata for later. Click Finish.

3.png

Jira Align

7.) Sign into Jira Align and click Administration > Platform > Security.

8.) Click Add SAML Provider. 

5.png

9.) Paste in the SAML 2.0 Metadata from Ping (Step 6 from earlier).

10.) Click Save & Close.

17.png

11.) Set Enable SSO to Yes.

12.) Click Save Settings.

 

Testing

13.) Open up an incognito window in your browser and navigate to the Single Sign-On URL from Ping One (Step 6 from earlier).

 

A.) Additional Notes

  • The user account you are testing from Ping One SAML 2.0 must be also configured on the Jira Align side.
  • User accounts on the Jira Align side can be created using the following methods:
    • API 1.0
    • Excel Import
    • Manually created
    • Users automatically integrated from Jira (the user must be assigned to an integrated issue)

B.) Disable Manual Sign In

  • Once you are confident that there are no known issues with SSO, you can go back to Platform Settings from earlier and set Disable Manual Sign In to Yes. 

You'll need to open a ticket with Jira Align to regain access if you get locked out while Disable Manual Sign In is turned on. 

  • After you have set Disable Manual Sign In, you'll be able to fill out the following field:
    • Sign In URL (use the URL from step 6)

If for some reason your Sign In contains encoded characters (Example: %20 for space), you'll need to replace that with the non-encoded equivalent.


C.) Require Signed Saml Assertion 

  • It should be noted that Jira Align requires BOTH Signed Assertion and Signed Response for SAML 2.0 Providers. If you are only able to sign one of the two, then you will need to make sure you are using Signed Response with Ping and open a Jira Align Support Ticket to have the assertion response requirement set to False.
  • Ping will give you an option to also encrypt assertion in addition to signing assertion which Jira Align does not support. Please do not enable this option. 
  • This Signed Assertion setting is unique to each SAML Provider so if you are using multiple SAML/SSO Providers that can only handle Signed Response, each one will need the Signed Assertion set to False in Jira Align. 

ping_section_c.png

0 comments

Comment

Log in or Sign up to comment
TAGS
Community showcase
Published in Jira Align

Helpful hints if you're rolling Align out to your entire enterprise

(Or, What to expect when you’re expanding.) Once you've completed your Jumpstart, or your initial assessment of Jira Align, you'll start to think about how you can roll it out to the rest of your e...

2,456 views 9 36
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you