Hello,
Hoping someone will be able to assist with this ask. I have successfully set up SSO for our ADFS (on prem, not cloud). During testing, the values are passed and the SAML stack tracer shows all is good. The problem is a redirect back to our /adfs/ls/ prompting the user to enter their domain username and password, upon which they are redirected to the start page. As this "works", it is only a cache of their credentials, and they will be prompted again when the session token expires. This is not acceptable.
The guide followed is located here: https://confluence.atlassian.com/cloud/configure-saml-single-sign-on-with-active-directory-federation-services-ad-fs-975020616.html?_ga=2.266415374.1227830942.1594227757-1489549613.1594227757
Also, we do have an odd configuration with user UPN, as the username does match the email address. Typically this is resolved by creating a claim to pass SAM as Name ID and transform email to Name ID.
Thank you.
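The Name ID claim arrangement mentioned above, written out as an added example (not code from the original post or from the Atlassian guide). It assumes the relying party trust is named "Atlassian Cloud" and that the AD `mail` attribute is populated; both are assumptions, adjust to your environment.

```powershell
# Added example (not from the original post): issue the user's mail attribute
# as the SAML Name ID when the UPN is not the e-mail address.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

$rpName = 'Atlassian Cloud'   # assumed display name of the relying party trust

# Rule 1: query AD for the mail attribute of the authenticated Windows account.
# Rule 2: re-issue that mail value as the Name ID with the emailAddress format.
# To send sAMAccountName instead, change the query to ";sAMAccountName;{0}"
# and the nameid-format to "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified".
$rules = @'
@RuleName = "Query AD for mail attribute"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"), query = ";mail;{0}", param = c.Value);

@RuleName = "Transform mail to Name ID"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2008/06/identity/claims/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

# Record the current rules first so the change can be rolled back.
$before = (Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
$before | Out-File -FilePath "$env:TEMP\$($rpName -replace ' ','_')-rules-backup.txt"

# Replace the issuance transform rules for this trust.
Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Verify what ADFS stored.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules
```

After applying, sign in again with a SAML tracer open and confirm the `<NameID>` element in the assertion carries the mail value and the emailAddress format; the service provider matches on that value, so a mismatch with the account's e-mail on the Atlassian side will still produce a failed or re-prompted login.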
If it is your /adfs/ls/ that is prompting the user, then it's a problem on your ADFS side.
If by "prompting" you mean a "domain credentials popup", ADFS is probably trying to do NTLM/Kerberos authentication of the user. Are you accessing your cloud from a domain-joined machine, i.e. is NTLM/Kerberos even possible for you? If not, then this authentication mechanism needs to be disabled for external networks – this would be on the ADFS side. Also check whether your ADFS host is recognised as being in the Intranet Zone in IE/Internet Options – transparent SSO won't be possible otherwise.
If this is a regular web form from ADFS, then what you describe is exactly how it should work: ADFS logs the user in, stores this fact in a cookie, and redirects back to the Service Provider (Atlassian Cloud); when the session expires it will indeed prompt again. What were you expecting?
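The ADFS-side and client-side checks described in the answer above, as an added example (not from the original thread). It assumes Windows Server 2012 R2 or later ADFS and uses `adfs.example.com` as a placeholder hostname; the user-agent prefix added to the WIA allow-list is also an assumption about which browsers you want to do Windows Integrated Authentication.

```powershell
# Added example (not from the original thread): find out why ADFS is throwing
# an NTLM/Kerberos credential popup and restrict Windows Integrated
# Authentication (WIA) to the intranet. Steps 1 and 2 run on the ADFS server
# in an elevated session; step 3 runs on a test client.
Import-Module ADFS

# 1. Which primary providers are offered per network location?
$policy = Get-AdfsGlobalAuthenticationPolicy
"Intranet providers : $($policy.PrimaryIntranetAuthenticationProvider -join ', ')"
"Extranet providers : $($policy.PrimaryExtranetAuthenticationProvider -join ', ')"
"WIA fallback       : $($policy.WindowsIntegratedFallbackEnabled)"

# If WindowsAuthentication is listed for the extranet, browsers that cannot do
# Kerberos/NTLM (non-domain-joined or off-network machines) get a credential
# popup instead of the forms sign-in page. Keep WIA on the intranet for
# transparent SSO and use forms-based auth on the extranet.
Set-AdfsGlobalAuthenticationPolicy `
    -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication', 'FormsAuthentication') `
    -PrimaryExtranetAuthenticationProvider @('FormsAuthentication')

# 2. WIA is only attempted for User-Agent strings on this allow-list; any other
# browser is sent to forms auth even from the intranet.
$props = Get-AdfsProperties
$props.WIASupportedUserAgents

# Assumed requirement: allow browsers reporting a Windows NT user agent
# (Chrome/Edge on Windows) to use WIA. Restart adfssrv afterwards.
$agents = @($props.WIASupportedUserAgents) + 'Mozilla/5.0 (Windows NT'
Set-AdfsProperties -WIASupportedUserAgents ($agents | Select-Object -Unique)

# 3. Client-side check: silent WIA also requires the ADFS host to be in the
# browser's Local Intranet zone (zone value 1). IE/Edge keep per-user entries
# under ZoneMap\Domains\<parent domain>\<host label>, with a value named after
# the scheme. Hostname is a placeholder.
$adfsHost = 'adfs.example.com'
$label, $parent = $adfsHost -split '\.', 2
$zoneKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\$parent\$label"
if (Test-Path $zoneKey) {
    $zone = (Get-ItemProperty -Path $zoneKey).https
    if ($zone -eq 1) { "$adfsHost is in Local Intranet; WIA can be attempted silently" }
    else             { "$adfsHost mapped to zone $zone; browser will not send credentials automatically" }
} else {
    "No ZoneMap entry for $adfsHost; browser will not send credentials automatically"
}
```

Re-test from a machine outside the domain after the policy change: the /adfs/ls/ endpoint should now render the forms sign-in page rather than an NTLM challenge. The forms prompt after the ADFS SSO cookie expires is expected behaviour; the lifetime is governed by the ADFS web SSO lifetime and the relying party token lifetime, not by anything on the Atlassian side.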