Service Desk Customers to Login with SAML SSO

This article introduces a configuration to let the service desk customers (portal-only users) login with SAML protocol.

 

(1) Prerequisite

You are:

  • an organization admin of the organization with SAML SSO and user provisioning configured, and
  • a project admin of the classic project in Jira Service Desk which belongs to the organization

 

(2) Configuration

If user provisioning is properly configured, the organization admin see the name of synced groups at Atlassian Access like below:

1-aa-user-provisioning.png

In this example, we are going to configure the settings against "All members for directory - f5f33185-555d-425b-84b4-06c155df3abb".

On the site belonging to the organization, the site-admin can see the group and its members in the user management:

Screenshot 2020-06-08 15.40.38.png

Here's the procedure on Jira Service Desk:

  1. In a classic service desk project, go to Project settings > People
  2. Add the group which name is starting with "All members for directory" as the "Service Desk Customer" role

Screenshot 2020-06-08 15.42.25.png

That is it. Now the users belonging to the specified group can login only with SAML SSO:

4-jsd-portal-sso.png

Note that the signup/login endpoint is different between portal-only users and licensed users (such as service desk agents). The portal-only users need to use the login form liked in the customer portal.

 

(3) Relevant KBs

 

 

5 comments

M Amine
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
September 28, 2020

thank you @K_ Yamamoto 

Paul Santus June 7, 2021

Hi @K_ Yamamoto

 

Does this require Access licence for as much users as we have Service Management clients?

K_ Yamamoto
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 7, 2021

@Paul Santus In a nutshell,

  • JSM agents are billable
  • JSM customers are not billable

Refer to https://support.atlassian.com/subscriptions-and-billing/docs/manage-your-bill-for-atlassian-access/ for more details.

Arthur Mauvezin June 7, 2021

Thanks @K_ Yamamoto for your answer.

I understood JSM billing scheme (agents vs customers).

The main question here is: do we need to pay for users who are only JSM customers but are authenticated and user provisioned through Atlassian Access (in our case, they should be able to access JSM portal and no other Atlassian application) ?

K_ Yamamoto
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 9, 2021

@Arthur Mauvezin Sorry for the lack of clarification. But my last answer was for Atlassian Access. To answer your question, as of today:

  • The managed accounts using JSM as an agent are billable
  • The managed accounts using JSM only as a customers (and not using any other products) are not billable

Again, refer to https://support.atlassian.com/subscriptions-and-billing/docs/manage-your-bill-for-atlassian-access/ for more details.

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events