Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Single Sign On & Single Sign Off using SAML/OIDC plugins on multiple Atlassian tools transparently


Hi All,

In a scenario where JIRA and Confluence share an Identity Provider, if a user has logged in via SSO in Confluence... it should be automatically recognised as that user in JIRA
Without any single manual step, eg click on login again on JIRA. 

In the same scenario where the user is not logged in using SSO, user should have the ability to view the public projects/spaces and sign in via SSO.


Second case is that if the user logs out *anywhere* (that is, Keycloak,JIRA, Confluence or anywhere else that uses the federated login) then it should be logged out in all the federated applications


Please share your experiences in achieving the above using plugins without any custom coding. Thanks for your time, much appreciated.





We have the same problem. A number of plugins allow for automatic and "transparent" login but only if no anonymous access is required. If we have to enable anonymous access to some content (ie without requiring login) then JIRA doesn't know that the user has logged in in the Identity Provider and already been recognized by Confluence at this point.

Has anyone managed to crack this problem. This scenario seems to work fine with mod_auth_openidc, for example.


OK just some of my own input on the issue.

Apache's mod_auth_openidc does offer a solution to this problem by using iframes, which of course only works with OpenID Connect (what the module implements)

I would guess that any solution for SAML would have to work on the same principles. Do we know if any of the plugins available implements this kind of "Session Management"?



I am commenting on this for future readers.
We have a solution to some of these use cases in our plugin, Kantega SSO Enterprise, which is available for Jira, Confluence, Bitbucket and Bamboo Data Center (and still server until Feb 14 2024).

First of all, we offer session management / Single logout so that a logout from Jira will log the user out from the IDP. However, for OIDC, this will not automatically terminate the session in Confluence, since we only support SP-initiated single logout, and have not implemented the iframe solution above to consume SLO requests from the IDP. In our SAML setup, metadata allows also IDP-intitated single logout, so the case described would probably work, given that the IDP receiving an SLO request from say Jira, will forward SLO to Confluence consuming session terminations.

When it comes to the public content, we have a feature called Forced SSO, which allows login to trigger also on publically accessible URLs. At the same time, you may also enable something we call "Authenticated Anonymous Browsing"..This will allow your user to pass through the SSO flow to verify their session, but still view the content as an anonymous user, i.e. not consume a license to view the public content if they do not yet have a Confluence user.

I hope this comment will be of help to someone somewhere.

Kantega SSO


Log in or Sign up to comment