It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Connecting JIRA to Azure AD

Hi, We are exploring an option of installing the JIRA on one of our Azure servers and then connecting it to our corporate Azure Active Directory.

Appreciate any help in how to implement connecting JIRA to azure AD and with some inputs/pointers on way forward.

are there any readily available plugins for this purpose?

10 answers

1 accepted

Thanks for the reply Timothy. We tried using the details from the link you mentioned and they are good for connecting with LDAP directory on-premise. However, we could not connect to cloud based Azure AD services. Any help in this regards would be great.

Microsoft has just released the FREE SAML single sign on plugin for our mutual customers. You can download the plugin from Microsoft Download Center and then use Azure AD JIRA app to connect with it. You can see the complete documentation from here and then use single sign on for it. 

Feel free to write back to us on our alias if you face any issues. 

Thanks.

FREE Plugin : https://www.microsoft.com/en-us/download/details.aspx?id=56506 

Documentation: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-jiramicrosoft-tutorial

@Jeevan Desarda or @anyone 

do you know if the plugin available from MS will work with Jira installed on a *nix machine?  I'm trying to upload it but it keeps failing.  The MS doc states Jira has to be installed on a 64bit Windows OS but figured I'd ask if you had any experience

Like Pardip bhogal likes this

Hi @john morrissey

The JIRA AAD plugin worked on Ubuntu LTS without any problems I could see.

I saw the same upload problem with the Confluence plugin MS offer for AAD. I found a work around by having the page download the plugin file from a web server instead of uploading from my local machine. Seemed to do the trick to get it installed. The confluence plugin broke more generally at this point and we couldnt complete its configuration in our tests.

I know that @Jeevan Desarda is working on some updates for the JIRA and confluence plugins at the moment to address version currency and some issues I opened with MS about them.

I also installed the plugin on Ubuntu LTS without any problems. But there is a problem when using the plugin behind a reverse proxy. 

Confluence and Jira are installed as specified in the documentation.

Jira/Confluence <- HTTP -> Apache Reverse Proxy <- HTTPS -> Client

The generated urls for the identifier, the reply url and the sign on url are only http but https is required.

I'm currently in contact with microsoft to find a solution on this.

Maybe someone has an idea. 

This is just for your information.

 

@gmrizzo have you ever managed to find a solution?

Hey @Maksim Skutin

not yet. I'm trying to work out a solution together with the support.

The issue is that the plugin tries to identify the url by itself. So it only gets the internal not encrypted url of jira.

Maybe a solution is to also enable SSL between jira and the apache reverse proxy. 

I will provide here more information when the time comes.

Hey @gmrizzo, how do you think, would it be possible to open public ticket for you?

Maybe a solution is to also enable SSL between jira and the apache reverse proxy. 

Actually this could be a reason.

I thought about it but I didn't knew where to create the ticket.

Thank you for the link.

@Maksim Skutin 

I don't know if this is anymore relevant but I will post my success for anyone having the same problem. 

Microsoft provided us with the updated version of the plugin with a well documented setup process. My fault was the missing "secure" attribute at the connector in the server.xml. After setting this according to the documentation to true everything worked fine.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/jiramicrosoft-tutorial 

I hope it helps someone.

Like Maksim Skutin likes this

@gmrizzo, thanks for the update!

For the https in the JIRA URLs instead of http, make sure to have secure=true in the server.xml. 

Have you been able to get a reply on this so far?

Microsoft has just released the FREE SAML single sign on plugin for our mutual customers. You can download the plugin from Microsoft Download Center and then use Azure AD JIRA app to connect with it. You can see the complete documentation from here and then use single sign on for it. 

Feel free to write back to us on our alias if you face any issues. 

Thanks.

FREE Plugin : https://www.microsoft.com/en-us/download/details.aspx?id=56506

Documentation: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-jiramicrosoft-tutorial

It looks as though Microsoft is offering that connection now. 

https://azure.microsoft.com/en-us/marketplace/partners/atlassian/atlassiancloud/

I haven't tried it yet and was browsing here in the group to see if anyone else has connected to it. I am curious if everyone connected via Azure has to be a paid user, or if some can be paid users and other customers. 

Thanks

Russell Stanford

Yes, we have ton of customers who are using Atlassian Cloud app to connect with JIRA on Cloud. This application on Azure AD app gallery is developed along with Atlassian team. So feel free to use it. 

This app is also available for FREE Azure AD customers and you can use it for all the organization users.

Hi @Jeevan Desarda

 

I have tried installing Microsoft plugin on Jira and I am facing the same issue, The generated urls for the identifier, the reply URL and the sign-on URL are the only HTTP but https is required.

My jira is behind proxy and server.xml does have the secure= true entry but it' still not working.

is there any other solution for this problem?

 

Thanks:

Richa Pathak

Hey @Richa Pathak,

is your scheme setup HTTPS? I had the same issues configuring the plugin, my issue was a typo in the settings. 

https://docs.microsoft.com/de-de/azure/active-directory/saas-apps/jiramicrosoft-tutorial#configure-jira-saml-sso-by-microsoft-sso

Like Richa Pathak likes this

Hi @gmrizzo

I also had typo in the settings. Thanks very much. It really helped! :)

Thanks:

Richa Pathak

Like gmrizzo likes this

You're welcome

Hi all,

 

I made some progress and was able to successfully connect with SSO, however, every signed in user requires to be in Jira internal directory, is this the only option?

How can I make sync in place so that a user will get automatically created in Jira if it does exist in Microsoft Azure AD?

Any suggestions?

Is this feature available now ?? Can someone provide an update ?

Microsoft has just released the FREE SAML single sign on plugin for our mutual customers. You can download the plugin from Microsoft Download Center and then use Azure AD JIRA app to connect with it. You can see the complete documentation from here and then use single sign on for it. 

Feel free to write back to us on our alias if you face any issues. 

Thanks.

FREE Plugin : https://www.microsoft.com/en-us/download/details.aspx?id=56506 

Documentation: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-jiramicrosoft-tutorial

0 votes
Bruno Vincent Community Leader Feb 02, 2017

Hello everyone,

I guess some of you will be interested in ODCC, a new plugin for Crowd: https://www.cleito.com/products/odcc/

(It is also available on Atlassian Marketplace at https://marketplace.atlassian.com/plugins/com.cleito.odcc/server/overview)

ODCC stands for Office 365 Directory Connector for Crowd. It allows you to add your Office 365 / Windows Azure Active Directory to Atlassian Crowd as if it were a standard LDAP directory.

You can see it in action here:

https://youtube.com/watch?v=SH8R_emN43U

(Disclaimer: I work for the vendor of this plugin)

Nice, but it doesn't work for the cloud version of Atlassian. For cloud version you will have to have a Google Suite account or what @Lars Olav Velle mentions below. 

Bruno Vincent Community Leader Apr 19, 2017

@Russel Actually as far as I know (@Lars, please correct me if I'm wrong), Kantega's plugin is for server edition only so this won't work for Atlassian Cloud neither. But yes, SAML is the way to go for Atlassian Cloud and Atlassian has just launched a public beta for it: https://confluence.atlassian.com/confeval/other-atlassian-evaluator-resources/does-atlassian-cloud-support-saml

We only support server edition due to technical limitations. If you are using JIRA cloud, then I`d check out the link @Bruno is referring to.

Didn't realize the link went to Kantega, but I was referring to the premium and basic version of Azure to connect to Atlassian with SAML.

Azure AD has a free app which you can connect to Atlassian Cloud. You can see the step by step instructions from Microsoft are here https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-atlassian-cloud-tutorial

You can use SAML. This works with both premium and basic version of AZURE:

https://marketplace.atlassian.com/search?query=kantega

Hi friend,

I connected the Azure AD through the microsoft addon and it works nice.
But I still have to create the user first to internal jira directory otherwise I get "User is not available". Is there a way to create all users automatically? Or do I have to setup a user directory?
How to configure the user directory sync for the azure ad?

I would like to know more about this as we are considering switching to Jira Service Desk. If we have to manually send an invite every time we have a new employee come on board before they can submit requests that is a deal breaker. 

We use the Azure AD SAML method to add users. You have to add them to the Azure AD enterprise application. They then appear in the list of users, or portal only users. When they sign in with their office 365 credentails + 2FA (if any) their account is linked to Jira. 

Like # people like this

Hi Russel,

we setted up a test-connection between azure ad and Jira with the article discribed above (https://docs.microsoft.com/de-de/azure/active-directory/saas-apps/jiramicrosoft-tutorial)

Unfortunately it doesn't paste the Azure Ad user to jira on it's own, we have to create it manualy in the jira user directory (also with password details, which is a no-go in corporate use). 

If I understand you correct, your userdata from the Azure Ad is directly transfered to jira and then ready to use for all office365 users. Could you point out, how you made this happen.

Thx

This would interest me too. Currently we need to add the users manually to JIRA user directory. An automatic transfer or setup at first login for the allowed users in the Azure AD enterprise application would be much appreciated. 

Rizzo, 

By chance do you connect JIRA with your company Active Directory? 

We are using the MS add on with JIRA and an Azure Proxy.  On Azure SSO there is a user claims section,  Make sure the user attributes match.

Also in JIRA manage add on for the microsoft add on, under SAML UserID Location

we chose 

User ID is in an Attribute element and entered sAMAccountName

@Dawn Fama Did you mean by connecting JIRA to my company Active Directory to setup the AD as a user directory? We only use the AD inside the Azure Cloud with the DC service. From my knowledge there is only read access from the LDAPs interface available.

I don't get the second part of your comment. What do you mean with an Azure Proxy and where do I find the "user claims" section inside the Azure Portal?

Thanks in advance and for you effort 

We had a need to have JIRA accessible outside our network for mobile devices.  We don't have JIRA configured in the DMZ only on an internal server so our option was to have an Enterprise application configured in Azure.  We are using Azure as a proxy back into our network. 

Our JIRA instance has a user directory connectors configured using delegated LDAP Authentication.

In the User Schema settings there is an option for User Object Filter, we have this set to only look for users within a particular domain security group, this is so JIRA doesn't pull in the entire company domain.

I believe the user schema settings in JIRA have user attributes which need to match the same user attributes and claims on Azure.

Those were in the Single Sign On section

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Demo Den Ep. 7: New Jira Cloud Reports

Learn how to use two new reports for next-gen projects in Jira Cloud:  Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...

273 views 1 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you