Very new to Atlassian and Jira and I am trying to set up SSO with AzureAD Connect. I do not know where to find my organisation's Atlassian unique ID.
I am trying to update these two values:
I am following this tutorial: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-atlassian-cloud-tutorial
It has a note: The preceding values are not real. Update them with the actual identifier, reply URL, and sign-on URL values. You can get the real values from the Atlassian Cloud SAML Configuration screen. We explain the values later in the tutorial.
I have read the rest of the tutorial and it doesn't mention where I get the real values. The SAML Configuration screen does not contain any Unique ID information.
If I can find my way back here I will post an update if I discover the answer.
I got it working after quite a bit of configuration effort. The short answer is that you are probably missing the trailing /saml2 part of the url in the Identity provider SSO URL shown in Atlassian site admin > SAML single sign-on.
For the sake of completeness, I'm including steps that you've clearly completed successfully and also that show how I got to this missing piece of this configuration puzzle.
1. From Atlassian site admin, I verified the Azure domain by adding the TXT record as instructed.
2. In Azure, I added the Atlassian Cloud application to Azure AD and configured it to use SAML-based Sign-On.
3. In Atlassian site admin, I configured SAML as follows:
- Identity provider Entity Id: https://sts.windows.net/<my directory id>
- Identity Provider SSL URL: https://login.microsoftonline.com/<my directory Id>
-- The directory id is located on the Azure AD properties page.
4. I copied the text from my X509 certificate generated in Azure and added that to the SAML configuration in Atlassian site admin > SAML single sign-on. You'll find the certificate in Azure under Atlassian Cloud > Single Sign-on. I saw some documentation suggesting that you need to remove the Begin and End Certificate text. That's not true.
5. As you stated, after I saved the configuration, Atlassian site admin returned an SP Entity ID value and SP Assertion Consumer Service URL value.
6. I returned to Azure and copied the first value to:
- Identifier (Entity ID): https://auth.atlassian.com/saml/<id value provided by Atlassian>
and the second value to:
- Reply URL: https://auth.atlassian.com/login/callback?connection=saml-<id value provided by Atlassian>.
7. Here's the important last step that I missed and it looks like you might have missed too because no where does it say you need to do this! In Azure I navigated to Atlassian Cloud - Single sign-on. At the bottom of that pane, I clicked the option that reads: Configure Altassian Cloud.
8. I scrolled down to near the bottom of that page and found the Quick Reference Section. There I saw two values. The first value: Azure AD Single Sign-On Service URL is the one I needed to update in Atlassian. Notice that this value contains a trailing /saml2 value on it: https://login.microsoftonline.com/<your directory id>/saml2. After updating the Identity provider SSO URL in Atlassian with this new value, SSO began working.
Note, there are additional user configuration steps that you might have to take in Azure, but I don't believe it's mandatory to do this. By default, I believe user policy is disabled in Azure for this type of connection.
Learn how to use two new reports for next-gen projects in Jira Cloud: Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events