Can I set up SSO, but still retain Jira login for some Users that don't use SSO?

We have some contractors that we add to our JIRA and Confluence apps that use their full email address for logins, but our employees all use the username portion of the email address for the JIRA username.  Our SSO provider (OneLogin) is sparse on documentation on this, but I can only select one option for default username.  I'd love it if it was possible to have a "Hybrid" login where I could log in directly to the JIRA app with one URL, and through OneLogin by default. 

Is this possible?

Thanks so much.

3 answers

Hi there!

This is totally possible. For users needing the non-SSO login, you need to create a new user via the user management area and add the email address there. I hope this helps!

To be clear, I would be using SAML 2.0 auth for login. I know that I can create users, but what I'm concerned with is whether those users that are using non-standard logins without access to our SSO provider will be able to reach Jira. In other words, is it all or nothing with respect to SAML-based SSO login? Or is it possible to log in using SSO or Jira Authentication based entirely on user preference?

This question should really be raised with the SSO provider (i.e. OneLogin).

It also really depends on what you understand as "single sign-on", as there are many interpretations that vary from "the same as my AD account" to "fill a login form once in one application then be able to switch to another" to "recognize the application and fill the user/password automatically once I log in to my provider service" to "log in to your workstation and be able to open the applications without having to enter user/password again".

I understand that OneLogin does provide the latter, branded as "Integrated Desktop SSO", i.e. Integrated Windows Authentication. This is where the fallback URL ability becomes important.

Ours ("EasySSO for JIRA" - an implementation of Integrated Windows Authentication, i.e. true password-less login in a Windows environment) allows you to use a non-SSO URL where it would revert back to the regular JIRA login screen. Others may do this as well.

Yes, this sounds like something we support.

With our add-on you can use Kerberos, SAML or both in combination.

If both Kerberos and SAML are configured, then Kerberos is tried first. If the client does not support Kerberos, then the username field is displayed. If you type an internal username, then the password dialogue is shown, otherwise you will be redirected to your IDP for authentication.

We support JIRA mobile, JIRA Service Desk etc, and there is no need for any file system modifications.

Have a look at https://marketplace.atlassian.com/search?query=kantega 

We are always happy to help out. Email us at SSO@kantega.no
