Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to authenticate into Jira, Confluence, and Bitbucket with your AWS Application Load Balancer

Problem statement

Most Atlassian Data Center installations are hosted on AWS. That gives the option to enable the Amazon’s Application Load Balancers (ALBs) you're already using for distributing traffic among nodes to also handle authentication.

There are mainly 2 advantages to this approach.

  • First, it shields the Atlassian product from all unauthenticated traffic, offering an additional layer of security and making DDoS attacks and similar threats impossible.

  • Secondly, it offloads the authentication away from your instance, increasing performance even when thousands of users are logging in at the same time in peak hours.

Unfortunately, there are also several nuisances setting this up out of the box.

  • Users must authenticate twice. Once, via the IdP when the request is intercepted by the AWS ALB. A second time, when the user actually reaches the Atlassian application. This can be particularly upsetting, as users need to remember to use their IdP password up front, followed by their local password.

  • If you use SSO, you must setup and maintain the two configurations. SSO gets rid of the second authentication event for the user. However, it also increases complexity and makes debugging of failed authentication attempts significantly more difficult. You want to keep your application architecture as simple as possible.

Solution: Setting up seamless authentication with AWS ALB into Atlassian products


At resolution, we have published AWS ALB and Amazon Cognito Authentication, an app that creates a seamless authentication flow between the ALB, the IdP, and the Atlassian application.


  • The app takes information from the OIDC tokens and token claims during the authentication exchange between the ALB and the IdP, then uses that information to log in the user into the Atlassian app.
  • Users are automatically logged into Jira, Confluence or Bitbucket once they authenticate through the IdP.


  • Atlassian applications hosted in AWS

  • An active Application Load Balancer (ALB)

  • An OIDC-compliant identity provider, such as Okta, Azure AD, or GSuite. Alternatively, you can use SAML-compliant IdPs combined with Amazon Cognito user pools


  1. Install AWS ALB and Amazon Cognito Authentication for Jira, Confluence, or Bitbucket (coming soon)

  2. Configure your IdP and your AWS ALB. Here you have the complete setup with Azure AD, but do let us know if you need help setting up any other IdPs.

  3. From within the AWS ALB Authentication app configuration in your Atlassian application, select the preset for your IdP and follow the steps of the documentation.


Save the configuration. If you run into any issues, get in touch with our support team and we’ll gladly help you set it up!


Mohammed Amine Community Leader Jun 09, 2021

Great article to read


Log in or Sign up to comment
Community showcase
Published in Apps & Integrations

Send an Email or Publish to Confluence - What should you do with your release notes?

Background When you hear the words ‘Release notes’, almost always you think of an unsolicited email from a software vendor. But I am here to tell you that from our data, sending release notes via E...

65 views 0 1
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you