We have some contractors that we add to our JIRA and Confluence apps that use their full email address for logins, but our employees all use the username portion of the email address for the JIRA username. Our SSO provider (OneLogin) is sparse on documentation on this, but I can only select one option for default username. I'd love it if it was possible to have a "Hybrid" login where I could log in directly to the JIRA app with one URL, and through OneLogin by default.
Is this possible?
Thanks so much.
To be clear, I would be using SAML 2.0 auth for login. I know that I can create users, but what I'm concerned with is whether those users that are using non-standard logins without access to our SSO provider, will be able to reach Jira. In other words, is it all or nothing with respect to SAML-based SSO login? Or is it possible to log in using SSO or Jira Authentication based entirely on user preference?
This question should really be raised with SSO Provider (i.e. OneLogin).
It also really depends on what you understand as "single sign-on" as there are many interpretations that vary from "the same as my AD account" to "fill a login form once in one application then be able to switch to another" to "recognize the application and fill the user/password automatically once I login in to my provider service" to "login into your workstation an be able to open the applications without having to enter user/password again".
I understand that OneLogin does provide the later branded as "Integrated Desktop SSO" i.e. Integrated Windows Authentication. This is where the fallback URL ability becomes important.
Ours ("EasySSO for JIRA" - an implementation of Integrated Windows Authentication i.e. true password-less login in Windows environment) allows to use a non-SSO url where it would revert back to regular JIRA login screen. Others may do this as well.
Yes, this sounds like somethig we support.
With our add-on you can use Kerberos, SAML or in combination.
If both Kerberos and SAML are configured, then Kerberos is tried first. If the client does not support Kerberos, then the username filed is diplayed. If you type an internal username, then the password dialogue is shown, otherwise you will be redirected to your IDP for authentication.
We support JIRA mobile, JIRA Service Desk etc, and there is no need for any file system modifications.
Have a look at https://marketplace.atlassian.com/search?query=kantega
We are always happy to help out. Email us at SSO@kantega.no
I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs