OKTA and Jira On-Demand - AD Integration

OKTA's website shows that it is pre-integrated with "JIRA On-Demand", which is the Cloud solution. I've read previous posts stating that OKTA & JIRA Cloud integration is not possible. This seems to suggest otherwise.




Are there any issues with integrating an OKTA domain with "JIRA On-Demand"? Is there a new development which permits this? 

Ultimately we would like to integrate our OKTA (AD Domain) with JIRA On-Demand Authentication. 


Does anyone from Atlassian have validation that this works or doesn't? Need hard facts.

6 answers

1 vote

I think that's a misleading page on the part of OKTA.  Cloud only supports its internal user system and Google Applications.  It does not support any form of external active directory, or other user directory systems, and it looks like it's not going to for a while.  I suspect that if OKTA have an integration, they will have to have done something that does OKTA -> Google applications

See https://jira.atlassian.com/browse/ID-79https://jira.atlassian.com/browse/ID-79 for Atlassian's official line.

Most likely the access to JIRA On Demand is provided by Okta under their SWA banner, which does not require any integration with (or knowledge or approval of) the cloud system being integrated.  I haven't tried it myself from the Okta side, but apparently it's a system where users with an Okta account can enter their "JIRA credentials" into Okta in some secure way, and then from within Okta, a single click can "silently log them in" to JIRA because they're really just logging the user in for them by faking a browser session that visits the JIRA login page.

I found out about this feature when a customer of ours complained that their Okta SSO stopped working into our web app.  Since we didn't offer any authentication integrations at the time, I investigated and found Okta's SWA.  Since we had changed the form of our login page, their SWA integration stopped working until they fixed it.

In short, Okta SWA is likely to work, but it has the oddity of requiring you to enter your JIRA credentials (and those for each user) into Okta.  If that's not an experience you're willing to accept, then I'm not aware of any other solution.

Yes, "not integrating it, but using the same credentials" is the only way I can imagine Okta could claim it's being done (if it's not a google apps trick). Thanks for the explanation.

We use Okta to create users, update users and sync passwords with JIRA, JIRA Service Desk & Confluence.  Works ok, but full SAML would be the best.  I hope Atlassian is working on that.

I do have two problems...

  1. I cannot really provision users in and out of JIRA using Okta
  2. I cannot figure out how to setup SSO provisioning for my Service Desk Customers.  I am sure I can somehow, but it alludes me.

We really appreciate the Okta integrations using SAML.  If their isn't integration with SAML it makes it more difficult. Without SAML every app differs in available functionality.

In both cases, you can't do it - OKTA is acting as nothing more than a password safe for Cloud JIRA (as Mark explains above) and customer accounts won't work like that.

Here's a better link to what you reference: * https://support.okta.com/articles/Knowledge_Article/29583593-Using-the-Jira-On-Premises-SAML-App /quote/ Okta provides not only the JIRA On Demand (web app), accessible through the OAN, but also allows for single sign-on integration between Okta and JIRA on-premises. /quote/

Okta does support out-of-box integration for JIRA/On-prem and Cloud versions. Most of our documentation is built right in the product and can be accessed on the fly while integrating these apps. Please reach out to us if you have any questions. Thanks! Prab Kalra Director, Technical Marketing - Okta

0 votes

What does "support" for Cloud mean? As you can't use a user directory other that Cloud internal or Google applications, what does Okta actually do for Cloud? I have to assume Mark is correct - Okta doesn't provide any real integration, it just stores your Cloud credentials alongside your Okta accounts and then serves them up when a user logs into Cloud. Is that right?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,418 views 15 19
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you