Connecting JIRA to Azure AD

Vilas Torgal January 26, 2014

Hi, We are exploring an option of installing the JIRA on one of our Azure servers and then connecting it to our corporate Azure Active Directory.

Appreciate any help in how to implement connecting JIRA to azure AD and with some inputs/pointers on way forward.

are there any readily available plugins for this purpose?

10 answers

1 accepted

5 votes
Answer accepted
Jeevan Desarda February 16, 2018

Microsoft has just released the FREE SAML single sign on plugin for our mutual customers. You can download the plugin from Microsoft Download Center and then use Azure AD JIRA app to connect with it. You can see the complete documentation from here and then use single sign on for it. 

Feel free to write back to us on our alias if you face any issues. 

Thanks.

FREE Plugin : https://www.microsoft.com/en-us/download/details.aspx?id=56506 

Documentation: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-jiramicrosoft-tutorial

john morrissey March 22, 2018

@Jeevan Desarda or @anyone 

do you know if the plugin available from MS will work with Jira installed on a *nix machine?  I'm trying to upload it but it keeps failing.  The MS doc states Jira has to be installed on a 64bit Windows OS but figured I'd ask if you had any experience

Like Pardip bhogal likes this
Andrew Best June 11, 2018

Hi @john morrissey

The JIRA AAD plugin worked on Ubuntu LTS without any problems I could see.

I saw the same upload problem with the Confluence plugin MS offer for AAD. I found a work around by having the page download the plugin file from a web server instead of uploading from my local machine. Seemed to do the trick to get it installed. The confluence plugin broke more generally at this point and we couldnt complete its configuration in our tests.

I know that @Jeevan Desarda is working on some updates for the JIRA and confluence plugins at the moment to address version currency and some issues I opened with MS about them.

Giuseppe Rizzo July 31, 2018

I also installed the plugin on Ubuntu LTS without any problems. But there is a problem when using the plugin behind a reverse proxy. 

Confluence and Jira are installed as specified in the documentation.

Jira/Confluence <- HTTP -> Apache Reverse Proxy <- HTTPS -> Client

The generated urls for the identifier, the reply url and the sign on url are only http but https is required.

I'm currently in contact with microsoft to find a solution on this.

Maybe someone has an idea. 

This is just for your information.

Maksim Skutin August 8, 2018

 

@gmrizzo have you ever managed to find a solution?

Giuseppe Rizzo August 8, 2018

Hey @Maksim Skutin

not yet. I'm trying to work out a solution together with the support.

The issue is that the plugin tries to identify the url by itself. So it only gets the internal not encrypted url of jira.

Maybe a solution is to also enable SSL between jira and the apache reverse proxy. 

I will provide here more information when the time comes.

Maksim Skutin August 8, 2018

Hey @gmrizzo, how do you think, would it be possible to open public ticket for you?

Maybe a solution is to also enable SSL between jira and the apache reverse proxy. 

Actually this could be a reason.

Giuseppe Rizzo August 9, 2018

I thought about it but I didn't knew where to create the ticket.

Thank you for the link.

Giuseppe Rizzo April 24, 2019

@Maksim Skutin 

I don't know if this is anymore relevant but I will post my success for anyone having the same problem. 

Microsoft provided us with the updated version of the plugin with a well documented setup process. My fault was the missing "secure" attribute at the connector in the server.xml. After setting this according to the documentation to true everything worked fine.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/jiramicrosoft-tutorial 

I hope it helps someone.

Like # people like this
Maksim Skutin April 24, 2019

@gmrizzo, thanks for the update!

divya kaul August 3, 2019

For the https in the JIRA URLs instead of http, make sure to have secure=true in the server.xml. 

Dawn Fama January 22, 2020

Does anyone see an advantage to the paid Kantega add on vs the free MS Azure SSO ad on?

1 vote
Richa Pathak October 30, 2019

Hi @Jeevan Desarda

 

I have tried installing Microsoft plugin on Jira and I am facing the same issue, The generated urls for the identifier, the reply URL and the sign-on URL are the only HTTP but https is required.

My jira is behind proxy and server.xml does have the secure= true entry but it' still not working.

is there any other solution for this problem?

 

Thanks:

Richa Pathak

Giuseppe Rizzo October 30, 2019

Hey @Richa Pathak,

is your scheme setup HTTPS? I had the same issues configuring the plugin, my issue was a typo in the settings. 

https://docs.microsoft.com/de-de/azure/active-directory/saas-apps/jiramicrosoft-tutorial#configure-jira-saml-sso-by-microsoft-sso

Like Richa Pathak likes this
Richa Pathak October 30, 2019

Hi @gmrizzo

I also had typo in the settings. Thanks very much. It really helped! :)

Thanks:

Richa Pathak

Like # people like this
Giuseppe Rizzo October 30, 2019

You're welcome

Richa Pathak November 1, 2019

Hi all,

 

I made some progress and was able to successfully connect with SSO, however, every signed in user requires to be in Jira internal directory, is this the only option?

How can I make sync in place so that a user will get automatically created in Jira if it does exist in Microsoft Azure AD?

Any suggestions?

Like M Amine likes this
1 vote
Jira Administrator January 13, 2017

It looks as though Microsoft is offering that connection now. 

https://azure.microsoft.com/en-us/marketplace/partners/atlassian/atlassiancloud/

I haven't tried it yet and was browsing here in the group to see if anyone else has connected to it. I am curious if everyone connected via Azure has to be a paid user, or if some can be paid users and other customers. 

Thanks

Russell Stanford

Jeevan Desarda February 16, 2018

Yes, we have ton of customers who are using Atlassian Cloud app to connect with JIRA on Cloud. This application on Azure AD app gallery is developed along with Atlassian team. So feel free to use it. 

This app is also available for FREE Azure AD customers and you can use it for all the organization users.

1 vote
Jorge Pires April 2, 2014

Have you been able to get a reply on this so far?

Jeevan Desarda February 16, 2018

Microsoft has just released the FREE SAML single sign on plugin for our mutual customers. You can download the plugin from Microsoft Download Center and then use Azure AD JIRA app to connect with it. You can see the complete documentation from here and then use single sign on for it. 

Feel free to write back to us on our alias if you face any issues. 

Thanks.

FREE Plugin : https://www.microsoft.com/en-us/download/details.aspx?id=56506

Documentation: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-jiramicrosoft-tutorial

Like M Amine likes this
0 votes
Robin Peters
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 15, 2019

Hi friend,

I connected the Azure AD through the microsoft addon and it works nice.
But I still have to create the user first to internal jira directory otherwise I get "User is not available". Is there a way to create all users automatically? Or do I have to setup a user directory?
How to configure the user directory sync for the azure ad?

Erick Grimmer April 23, 2019

I would like to know more about this as we are considering switching to Jira Service Desk. If we have to manually send an invite every time we have a new employee come on board before they can submit requests that is a deal breaker. 

Russell Stanford April 23, 2019

We use the Azure AD SAML method to add users. You have to add them to the Azure AD enterprise application. They then appear in the list of users, or portal only users. When they sign in with their office 365 credentails + 2FA (if any) their account is linked to Jira. 

Like # people like this
Christian Wiemer April 30, 2019

Hi Russel,

we setted up a test-connection between azure ad and Jira with the article discribed above (https://docs.microsoft.com/de-de/azure/active-directory/saas-apps/jiramicrosoft-tutorial)

Unfortunately it doesn't paste the Azure Ad user to jira on it's own, we have to create it manualy in the jira user directory (also with password details, which is a no-go in corporate use). 

If I understand you correct, your userdata from the Azure Ad is directly transfered to jira and then ready to use for all office365 users. Could you point out, how you made this happen.

Thx

Giuseppe Rizzo April 30, 2019

This would interest me too. Currently we need to add the users manually to JIRA user directory. An automatic transfer or setup at first login for the allowed users in the Azure AD enterprise application would be much appreciated. 

Dawn Fama June 7, 2019

Rizzo, 

By chance do you connect JIRA with your company Active Directory? 

We are using the MS add on with JIRA and an Azure Proxy.  On Azure SSO there is a user claims section,  Make sure the user attributes match.

Also in JIRA manage add on for the microsoft add on, under SAML UserID Location

we chose 

User ID is in an Attribute element and entered sAMAccountName

Giuseppe Rizzo June 11, 2019

@Dawn Fama Did you mean by connecting JIRA to my company Active Directory to setup the AD as a user directory? We only use the AD inside the Azure Cloud with the DC service. From my knowledge there is only read access from the LDAPs interface available.

I don't get the second part of your comment. What do you mean with an Azure Proxy and where do I find the "user claims" section inside the Azure Portal?

Thanks in advance and for you effort 

Dawn Fama June 11, 2019

We had a need to have JIRA accessible outside our network for mobile devices.  We don't have JIRA configured in the DMZ only on an internal server so our option was to have an Enterprise application configured in Azure.  We are using Azure as a proxy back into our network. 

Our JIRA instance has a user directory connectors configured using delegated LDAP Authentication.

In the User Schema settings there is an option for User Object Filter, we have this set to only look for users within a particular domain security group, this is so JIRA doesn't pull in the entire company domain.

I believe the user schema settings in JIRA have user attributes which need to match the same user attributes and claims on Azure.

Those were in the Single Sign On section

0 votes
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 19, 2017

You can use SAML. This works with both premium and basic version of AZURE:

https://marketplace.atlassian.com/search?query=kantega

0 votes
Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 2, 2017

Hello everyone,

I guess some of you will be interested in ODCC, a new plugin for Crowd: https://www.cleito.com/products/odcc/

(It is also available on Atlassian Marketplace at https://marketplace.atlassian.com/plugins/com.cleito.odcc/server/overview)

ODCC stands for Office 365 Directory Connector for Crowd. It allows you to add your Office 365 / Windows Azure Active Directory to Atlassian Crowd as if it were a standard LDAP directory.

You can see it in action here:

https://youtube.com/watch?v=SH8R_emN43U

(Disclaimer: I work for the vendor of this plugin)

Russell Stanford April 19, 2017

Nice, but it doesn't work for the cloud version of Atlassian. For cloud version you will have to have a Google Suite account or what @Lars Olav Velle mentions below. 

Bruno Vincent
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 19, 2017

@Russel Actually as far as I know (@Lars, please correct me if I'm wrong), Kantega's plugin is for server edition only so this won't work for Atlassian Cloud neither. But yes, SAML is the way to go for Atlassian Cloud and Atlassian has just launched a public beta for it: https://confluence.atlassian.com/confeval/other-atlassian-evaluator-resources/does-atlassian-cloud-support-saml

Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 19, 2017

We only support server edition due to technical limitations. If you are using JIRA cloud, then I`d check out the link @Bruno is referring to.

Russell Stanford April 19, 2017

Didn't realize the link went to Kantega, but I was referring to the premium and basic version of Azure to connect to Atlassian with SAML.

Jeevan Desarda February 16, 2018

Azure AD has a free app which you can connect to Atlassian Cloud. You can see the step by step instructions from Microsoft are here https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-atlassian-cloud-tutorial

0 votes
Payal Baheti December 30, 2014

Is this feature available now ?? Can someone provide an update ?

Jeevan Desarda February 16, 2018

Microsoft has just released the FREE SAML single sign on plugin for our mutual customers. You can download the plugin from Microsoft Download Center and then use Azure AD JIRA app to connect with it. You can see the complete documentation from here and then use single sign on for it. 

Feel free to write back to us on our alias if you face any issues. 

Thanks.

FREE Plugin : https://www.microsoft.com/en-us/download/details.aspx?id=56506 

Documentation: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-jiramicrosoft-tutorial

0 votes
Timothy
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 26, 2014
Vilas Torgal January 26, 2014

Thanks for the reply Timothy. We tried using the details from the link you mentioned and they are good for connecting with LDAP directory on-premise. However, we could not connect to cloud based Azure AD services. Any help in this regards would be great.

Suggest an answer

Log in or Sign up to answer