Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Restrict SAML Bypass URL to Specific Groups

Eric McClintock
EM
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 13, 2024

Hello, 

We have a need to use automated accounts which interact with our Jira instance (Jira 9.12 DC) via the front-end UI, due to various factors we're not able to authenticate these accounts using our SSO provider via SAML. 

We're investigating the use of the SAML bypass URL for these types of use cases, however, we're wondering if there is a way to restrict the use of the SAML bypass URLs to specific groups only. 

We'd like to require normal users to go through the SSO/SAML process, however allow approved accounts used by automations to use the SAML bypass login process.

Are there any configuration options or plugins that can enforce such restrictions to the SAML bypass URLs?

Answer
Watch
Like Be the first to like this
294 views

1 answer

0 votes
Aditya_miniOrange
Aditya_miniOrange
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 14, 2024

Hi @Eric McClintock 

I'm not sure if the Atlassian SSO allows you to restrict SAML bypass URLs to specific groups. If you are considering a third-party add-on, I would like to suggest trying out the miniOrange Jira SAML SSO plugin. 

With the help of this plugin, you can Restrict the Backdoor URL to certain groups in the application.

When you enable this option, you’ll be asked to enter the groups to whom backdoor access should be provided. Now, when a user tries to access the backdoor URL, he’ll be asked for his username first and if that username belongs to the configured group, only then will he be able to use the login page.

Let me know if you would like to have a demo of this. You can raise a ticket via link and I'll make sure that a miniOrange representative gets back to you. 

P.S. - I work for miniOrange, one of the top security vendors on the Atlassian Marketplace. 

Thanks,

Aditya 

 

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events