Can I set up SSO, but still retain Jira login for some Users that don't use SSO?

We have some contractors that we add to our JIRA and Confluence apps that use their full email address for logins, but our employees all use the username portion of the email address for the JIRA username.  Our SSO provider (OneLogin) is sparse on documentation on this, but I can only select one option for default username.  I'd love it if it was possible to have a "Hybrid" login where I could log in directly to the JIRA app with one URL, and through OneLogin by default. 

Is this possible?

Thanks so much.

3 answers

Hi there!

This is totally possible, for users needing the non SSO login you need to create a new user via the user management area and add the email address there. I hope this helps!

To be clear, I would be using SAML 2.0 auth for login. I know that I can create users, but what I'm concerned with is whether those users that are using non-standard logins without access to our SSO provider, will be able to reach Jira. In other words, is it all or nothing with respect to SAML-based SSO login? Or is it possible to log in using SSO or Jira Authentication based entirely on user preference?

This question should really be raised with SSO Provider (i.e. OneLogin).

It also really depends on what you understand as "single sign-on" as there are many interpretations that vary from "the same as my AD account" to "fill a login form once in one application then be able to switch to another" to "recognize the application and fill the user/password automatically once I login in to my provider service" to "login into your workstation an be able to open the applications without having to enter user/password again".

I understand that OneLogin does provide the later branded as "Integrated Desktop SSO" i.e. Integrated Windows Authentication. This is where the fallback URL ability becomes important.

Ours ("EasySSO for JIRA" - an implementation of Integrated Windows Authentication i.e. true password-less login in Windows environment) allows to use a non-SSO url where it would revert back to regular JIRA login screen. Others may do this as well.

Yes, this sounds like somethig we support.

With our add-on you can use Kerberos, SAML or in combination.


If both Kerberos and SAML are configured, then Kerberos is tried first. If the client does not support Kerberos, then the username filed is diplayed. If you type an internal username, then the password dialogue is shown, otherwise you will be redirected to your IDP for authentication.

We support JIRA mobile, JIRA Service Desk etc, and there is no need for any file system modifications.

Have a look at https://marketplace.atlassian.com/search?query=kantega 

We are always happy to help out. Email us at SSO@kantega.no

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,868 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot