You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
The Atlassian Community can help you and your team get more value out of Atlassian products and practices.
In this article I will show you how to set up Anovaapps Global SSO for Jira with Okta.
You can watch a video for this article here.
I have a developer account for Okta but it should be the same with the standard Okta account.
Install Global SSO
Go to manage apps -> Find new apps and enter global sso in the search field. Then push the install button on the found app.
Create Okta application
Create an account either on the dev Okta site or production Okta site.
After you created your account go to Applications and push the “Create Integration App” button:
Then choose SAML 2.0
Push the “Next” button
Enter the App name and push the “Next” button
Enter your url in the “Single Sign On URL” input field in the following format:
Enter the same url as in the “Single Sign On URL” input field in the “Audience URI (SP Entity ID)” input field.
Enter your url in the following format into the “Default RelayState” input field:
Here are my input values:
Now push the “Next” button.
Choose “I’m a software vendor” and push the “Finish” button.
Push the “Identity Provider metadata” link:
Copy the url.
Go to the “Assignments” tab and a assign a user to this Application. The user must have the same email address as a user in Jira.
Setup Global SSO
Go to manage apps -> SAML Consumer Configuration. Choose the “Metadata URL” option, enter the copied url into the “Metadata URL” and enter the “Secret phrase”:
Push the “Parse settings from metadata” button:
Go to the “Advanced Setup” tab and make sure that the “Cookie Path” input field has a value. If not then add “/” to the field and push the “Save” button.
If you have a load balancer in front of your nodes and this node balancer performs a status check on your nodes then you need to exclude this path from sso.
For example, my load balancer queries the /status endpoint from my Jira instance. To add an exception go to manage apps -> Global SSO settings and enter “/status;” in the “Exclude paths” input field:
Push the “Save” button.
Check SSO connection
Open new incognito window and enter the url to your Jira instance. You will be redirected to Okta for authentication:
Enter the valid user name and password and push the “Sign In” button:
As a result you will be redirected to your Jira and you will be logged in with your user:
That is all for the article! Have a good day!
1,574 accepted answers