SSO

Bakhtawar Tanveer February 29, 2024

Hi Community,

We just recently started use JSM and plan to have 20 agents and internal 280~500 customers. Now we want SSO for users.

What should I do next? Can we use Access and what about pricing of it? Hope I can get a broad pic of the whole any reference links would be appreciated. Thanks.

2 answers

1 accepted

7 votes
Answer accepted
Zoey Wang
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 29, 2024

Hi @Bakhtawar Tanveer 

Welcome to the Atlassian Community!

Yes Access is the way to go to enable your SSO for the users.

1. Check here Manage your bill for Atlassian Access 

It tells what kind of user is identified as a billable user - as overall the billing cost depends on the number of unique billable users; and billing cycles - monthly vs annual

2. If your internal customers have no product access yet, they won't be considered as billable users. Hence no cost associated with this number of users. 

3. If you check the link below you can find SSO configuration steps.

Atlassian Access policies and features apply to all the managed users with access to JSM in your case. 

For internal users

SAML single sign-on for your organization’s users:


If you’d like your users to authenticate through your company’s identity provider when they log in to your Atlassian cloud products, you can set up SAML for single sign-on (SSO). SSO allows a user to authenticate with one set of login credentials and access multiple products during their session.

With SSO, you have a few benefits:

If self signup is enabled, we automatically create an Atlassian account for them when that user logs in for the first time with SSO.

You can set security policies from your identity provider that will apply when users log in to your Atlassian products



Bakhtawar Tanveer February 29, 2024

Thanks @Zoey Wang for such a prompt reply!

Will read thru quickly and see if any further questions need your help.

2 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 29, 2024

Hello, @Bakhtawar Tanveer 

As @Zoey Wang (hello Zoey!) specified – yes you should use Atlassian Access. To be clear – there is no other option, as Atlassian doesn't allow any 3rd party SSO solutions in Cloud.

Just make sure you set up the integration with your IdP correctly!

I do not know what IdP you are using, but here are some answers that I've previously provided related to Azure AD:

The main points:

  • separate your "SSO group" from "Application access group" (in Azure AD case this then leads to the need to have 2 apps installed in Azure AD)
  • email is the Unique Identifier, not AD UPN, nor username
  • matching in User Provisioning should be done by objectID, since everything else may change over the lifetime of the user. This is NOT highlighted in Atlassian's documentation at all.
  • "Continue with Microsoft" functionality is kinda unmanageable, the best you can do is assign the same "SSO group" as you use with SAML application in Azure AD

 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events