Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Single Sign On (SSO): Configuring Multiple Identity Providers and Transitioning Metadata

The Jira Align SAML 2.0 IdP (Identity Provider) initiated SSO Solution can support multiple identity providers as needed.  The following article will cover how to support multiple identity providers and how to transition to a new identity provider or make general modifications to the identity provider metadata.

 

Supporting Multiple Identity Providers or Multiple Configurations from a Single Identity Provider

  1. Configure your first Identity Provider SSO Solution as per https://community.atlassian.com/t5/Jira-Align-articles/Video-How-to-enable-single-sign-on-SSO-with-Jira-Align/ba-p/1296205 and https://agilecrafthelp.zendesk.com/hc/en-us/articles/115000374174-10X-Jira-Align-SSO-Support
  2. Create a second set of IdP metadata in your original IdP or an additional IdP
  3. Navigate to Jira Align Admin > Platform > Security > Click “Add SAML Provider” and paste in the 2nd set of metadata

image.png

Notes:

  • The “Sign in URL” field will be grayed out until “Disable Manual Sign In” is set to Yes.  It is recommended to validate SSO configurations before setting “Disable Manual Sign In” to Yes
  • Jira Align only supports a single “Sign in URL” redirect which means users will need to navigate directly to the sign in URL of additional IdP configurations.  A good technique for doing this is users adding the additional IdP configuration sign in URLs to their browser favorites.

 

Transitioning Metadata for Updates (accounting for the agilecraft.com to jiraalign.com domain change).

Option 1:

  1. Have your SSO engineer create a new SAML 2.0 SSO configuration in your IdP utilizing your new site URL as the Entity ID and Assertion Consumer Service Location. 
  2. If the original Entity ID and Assertion Consumer Service Location you utilized for SSO was https://www.customer.agilecraft.com the new value for Entity ID and Assertion Consumer Service Location would be https://www.customer.jiraalign.com.  Ensure that the SAML signature policy is set to sign both the Response and Assertion. 
  3. Copy the newly created Jira Align IdP metadata and navigate to Jira Align Admin > Platform > Security > Click “Add SAML Provider” and paste in the newly created Jira Align metadata
  4. Validate the newly created Jira Align domain SSO configuration using the sign in URL from your identity provider
  5. When ready to transition replace the *agilecraft.com “Sign in URL” under Jira Align Admin > Platform > Security with the newly created jiraalign.com sign in URL. 
  6. Revalidate the SSO solution and remove the original *agilecraft.com metadata from Jira Align Admin > Platform > Security

 Option 2:

  1. Have your SSO engineer update the existing SSO SAML configuration by replacing the agilecraft.com Entity ID and Assertion Consumer Service Location URL with the jiraalign.com domain
  2. Validate the SSO solution now authenticates into the jiraalign.com domain

Notes: If Manual login is disabled and SSO is reconfigured to the jiraalign.com domain name, any links to the agilecraft.com domain such as Jira weblinks or links within email notifications will only work if your SSO solution has a proper relay state configured.  The Jira Align team is currently working on a solution to mass update Jira weblinks.  In the meantime customers can request a redirect from the agilecraft.com to the jiraalign.com domain after re-configuring their SSO solution in case of any legacy agilecraft.com links.  

2 comments

Hi @Tim Keyes this article is using imgur. Could the image hosting be updated on this one please? Many thx

Like Tim Keyes likes this
Tim Keyes Atlassian Team Oct 21, 2020

Hi @Karalee Kikiros

Thank you for the note.  I hope all is going well!

I have updated the image hosting on the article.  The rest of the articles should be good to go, but please reach out if you encounter another one.

Cheers!
Tim

Like Karalee Kikiros likes this

Comment

Log in or Sign up to comment
TAGS
Community showcase
Published in Jira Align

Helpful hints if you're rolling Align out to your entire enterprise

(Or, What to expect when you’re expanding.) Once you've completed your Jumpstart, or your initial assessment of Jira Align, you'll start to think about how you can roll it out to the rest of your e...

1,180 views 3 26
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you