
Migration from Service Desk on Prem to Cloud and SSO

Peter Makki January 2, 2024

Hello Everyone,

TL;DR

  1. Is it possible to organize portal-only users with organizations in Jira Service Management ("service desk cloud")? And how do I create organizations when portal-only users are logging in with SSO?
  2. When I configure SSO with an identity provider (in Jira Service Management), does it mean that all my customers' emails must be from my domain? I’m asking because I can see that in the configuration there is a number stating the quantity of verified domains.

Longer version

I have some doubts about our migration from Jira service desk on prem to Jira service desk in the cloud.

We used to have (in Jira on prem) our customers' accounts registered via our solution, which connected to service desk via the REST API. Customer accounts were organized according to the organization that they were attached to. In our case, one organization most often has more than one customer account attached, and it was convenient that they could see the “organization” history.

When moving to cloud we would like to change the way we handle users. We would like to keep them in our Keycloak and only enable SSO for them when logging in to service desk. However, we would like to keep the structure of how they are organized in service desk.

After reading manuals and the forum, we managed to enable “portal only” login for customers. However, those customers are missing information about the organization that they should belong to.

On the other hand, we have tried to configure SSO with an identity provider, but we have encountered some problems (see the questions at the top).

1 answer

Answer accepted
Rebekka Heilmann _viadee_
Community Leader
January 2, 2024

Organizations within JSM have nothing to do with the Atlassian Org or SSO.

Organizations are merely there to organize your customers (portal-only users and possibly others) and give them access to requests (share with organization).

When you configure SSO (you will need Atlassian Access for that), you can create different policies and attach user groups to them. So you could have different policies for your internal and your external users. Are both your internal and external users (portal only) managed in the same Keycloak / directory?

You can have users from different domains. The verified domain is there for claiming all Atlassian users with that domain (optional) and for things like security settings, email config, and so on. So you would only verify your "own" domain.
For users from other domains, it might be the case that they are already managed within a different Atlassian Org. Therefore they might already have some login policies enforced and would always fall under the policy of their own org before yours.

As you can see: there is no easy answer and it really depends on your whole setup, which I still haven't completely understood.

Deployment type: Cloud
Product plan: Standard
Permissions level: Product Admin
Tags: AUG Leaders
