Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

JIRA Azure Active Directory SSO for JIRA - Forze Azure Login

Edited
Mart Lehtmets
Mart Lehtmets Feb 17, 2021

Hello dear community

We are struggling with JIRA Azure Active Directory SSO for JIRA.

We used this official Tutorial to set it up.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/jiramicrosoft-tutorial

Everything works good. Users can log in through AzureAD.

BUT

We are having problem, when we turn on "Force Azure Login" setting in this JIRA SSO app in configurations.

When we turn it on and then go to JIRA url, then we will be redirected to AzureAD log in page, which is good. We can log in succesfully, but when Administrator tries to go from Administration menu item for example to "Manage apps" page, then it shows for a split second that login is redirected to AzureAD, but then redirected back to Home Dashboard. 

It's quite a problem since Adminsitrators can not access administration part when "Force Azure login" setting is turned on,.

We haven't figured out how we can fix that?! Anyone knows a solution for this problem?

 

Answer
Watch
Like Simon Leclercq likes this
2177 views

4 answers

1 accepted

2 votes
Answer accepted
Lokesh Naktode_miniOrange
Lokesh Naktode_miniOrange
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Feb 18, 2021

Hi @Mart Lehtmets ,

In SAML SSO, IDP just sends the SAML Response and it is the responsibility of the SAML SSO plugin to create a user session (end-user session and WebSudo session) and it seems like you are using Microsoft's JIRA SAML SSO plugin, I suggest you check for an update or submit a support request to Microsoft for faster troubleshooting.

You can also take a look at the third-party plugins available on the Atlassian Marketplace which provides advanced features and updates directly from the Atlassian Marketplace.

Here is one of the SAML SSO plugins from miniOrange. It has a lot of advanced features that allow SSO to end-users as well as the JIRA Admin console. It also has an emergency URL to bypass SSO and allow login using the local JIRA credential and this URL can be configured in such way so that only administrator can use in case of emergency.

Thanks,

Lokesh 

PS: I work for miniOrange one of the top SSO vendors in the Atlassian Marketplace. Feel free to reach out to miniOrange Support in case of any questions or need assistance with the plugin configuration.

View More Comments
Mart Lehtmets
Mart Lehtmets Mar 23, 2021

Thank you for the recommendation. We went for the miniOrange one and it works like we need to. We can force Azure Login and admin portal works as well.

Like
Simon Leclercq
Simon Leclercq Aug 19, 2021

the problem is this miniOrange addon is not free ! 

SAML SSO by Microsoft is free but is not working for the admin portal

Like
Mart Lehtmets
Mart Lehtmets Aug 19, 2021

Thats was the whole reason why we ended up paying for the miniOrange add-on!

If Microsoft would put a little more effort into its add-on, we would be glad to switch back to it.

Like
Fernando Passos
Fernando Passos Sep 24, 2021

Hi @Lokesh Naktode_miniOrange I'm running a test on the plugin that you recommended and a question arose, how to remove the jira's default login screen and leave only the SSO redirect screen? Thank you.image.png

Like
Shweta Vispute
Shweta Vispute Sep 24, 2021

Hello,

This can be achieved by disabling the Delay Auto-Redirection to IDP option from the Sign In Settings tab of the plugin.

img.png

PS: I am a developer at miniOrange, a Top Atlassian SSO Vendor!   

If you have any questions about it or would like to discuss it further, you can reach out to info@xecurify.com.

I hope this helps you!

Thanks,

Shweta.

Like # people like this
Reply
1 vote
Simon Leclercq
Simon Leclercq Aug 19, 2021

Here is the solution for those searching for it : i found it here : https://confluence.atlassian.com/adminjiraserver/configuring-secure-administrator-sessions-938847890.html

 

Disabling secure administrator sessions
Secure administrator sessions (i.e. password confirmation before accessing administration functions) are enabled by default. If this causes issues for your Jira instance (e.g. if you are using a custom authentication mechanism), you can disable this feature by specifying the following line in your jira-config.properties file:

jira.websudo.is.disabled = true

Reply
0 votes
Simon Leclercq
Simon Leclercq Aug 19, 2021

Have you find a way to fix this or you ended up to pay for using another plugin ?

View More Comments
Mart Lehtmets
Mart Lehtmets Aug 19, 2021

We ended up using miniOrange plugin. Works like a charm.

Like
Simon Leclercq
Simon Leclercq Aug 19, 2021 • edited

Thanks for the head up, good to know, sadly this orange plugin is not free. I gave the solution below

Like
Reply
0 votes
Pramodh M
Pramodh M
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Feb 17, 2021

Hi @Mart Lehtmets 

I guess the token is missing the second time when it asks for authentication.

The solution here is to disable "Force Azure login" and have your primary authentication as SAML SSO, instead if you are using any other directory.

You may want to check the settings in SSO App you are configuring in Jira.

Now to troubleshoot the redirection problem, please see one of the links in the KB

Please analyze the logs in Jira.

https://confluence.atlassian.com/crowdkb/redirected-to-the-login-screen-with-no-errors-when-attempting-to-log-in-to-any-atlassian-applications-376834420.html

Thanks,
Pramodh

Reply

Suggest an answer

Log in or Sign up to answer
Jira Core
Jira Core Server
TAGS
AUG Leaders

Atlassian Community Events

See all events