We are creating a customer portal in drupal and using the AWS Cognito SAML/SSO service as our authorization. These same customers will be asked to create support tickets in Jira Service Desk.
As part of this effort we'd love to use cognito as the authorization agent for Jira Service Desk. However my research has implied that this is not possible.
I found that the APIs required to do authentication are no longer supported:
And that the recommended solution is now 'Atlassian Access'. However access works only with verified domains. https://confluence.atlassian.com/cloud/saml-single-sign-on-943953302.html
..."SSO allows a user to authenticate once and then access multiple products during their session, without needing to authenticate with each of those. Note that SSO will only apply to user accounts from your verified domains. "
As our customers are from various other companies we will never, nor could we, have their domains as verified domains.
Is there any solution or option that I'm overlooking to tie in our service desk to our cognito SAML solution? or even some other generic SSO provider? (without verified domains)
It seems like we're stuck just using direct sign in. Would love some ideas or someone to point out something I overlooked.
Thank you for getting in touch with Atlassian Community!
To be able to use SAML with your Cloud instance there are some steps that you need to follow and it includes to verify the domain to prove that you own that domain. It's not possible to bypass this verification to allow them to log in using SSO.
These are the three steps that you need to follow to get users to log in using SSO:
Thanks for the response Angelica.
I was trying to imply with my question that I understood that and I'm hoping I was wrong.
Where would be the best place to put in a feature request for this?
I understand that it's currently not the intended behavior and not possible. However with many customer using service desk to support their customers that are coming from external businesses (AKA unowned domains), it would make sense to consider supporting SSO solutions where email addresses come from different domains.
Thank you for your help.
You can create a feature request on jira.atlassian.com on the project CLOUD, because it applies to Jira and Confluence.
The only feature that may be related to what you need is JSDCLOUD-630, but in this case is for customers and not users.
Please, feel free to raise a feature request adding the details about why this feature is important for you.
If you have any other question, please let us know.
Hello Insight users, As part of our (Mindville's) acquisition by Atlassian, our training team is looking to build some new Insight training materials. It would really helpful if you can ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events