Most Atlassian Data Center installations are hosted on AWS. That gives you the option to have the Amazon Application Load Balancers (ALBs) you're already using to distribute traffic among nodes also handle authentication.
This approach has two main advantages.
First, it shields the Atlassian product from all unauthenticated traffic, offering an additional layer of security and making DDoS attacks and similar threats impossible.
Secondly, it offloads the authentication away from your instance, increasing performance even when thousands of users are logging in at the same time in peak hours.
Unfortunately, setting this up out of the box also comes with several nuisances.
Users must authenticate twice. Once, via the IdP when the request is intercepted by the AWS ALB. A second time, when the user actually reaches the Atlassian application. This can be particularly upsetting, as users need to remember to use their IdP password up front, followed by their local password.
If you use SSO, you must set up and maintain the two configurations. SSO gets rid of the second authentication event for the user. However, it also increases complexity and makes debugging of failed authentication attempts significantly more difficult. You want to keep your application architecture as simple as possible.
At resolution, we have published AWS ALB and Amazon Cognito Authentication, an app that creates a seamless authentication flow between the ALB, the IdP, and the Atlassian application.
Users are automatically logged into Jira, Confluence or Bitbucket once they authenticate through the IdP.
Atlassian applications hosted in AWS
An active Application Load Balancer (ALB)
An OIDC-compliant identity provider, such as Okta, Azure AD, or GSuite. Alternatively, you can use SAML-compliant IdPs combined with Amazon Cognito user pools
Install AWS ALB and Amazon Cognito Authentication for Jira, Confluence, or Bitbucket (coming soon)
Configure your IdP and your AWS ALB. Here you have the complete setup with Azure AD, but do let us know if you need help setting up any other IdPs.
From within the AWS ALB Authentication app configuration in your Atlassian application, select the preset for your IdP and follow the steps of the documentation.
Save the configuration. If you run into any issues, get in touch with our support team and we’ll gladly help you set it up!
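For the ALB side of the setup steps above, an added example (not taken from the original article or from resolution's documentation): a CloudFormation listener rule that authenticates against Azure AD over OIDC before forwarding to the Atlassian nodes. The resource and parameter names, the hostname, and every `<placeholder>` are assumptions; the `OnUnauthenticatedRequest` value is what decides whether unauthenticated traffic is really kept away from the application.

```yaml
# Added example; not the app's documented configuration. Resource and
# parameter names and every <placeholder> are assumptions.
Parameters:
  HttpsListenerArn: { Type: String }
  JiraTargetGroupArn: { Type: String }
  OidcClientId: { Type: String }
  OidcClientSecret: { Type: String, NoEcho: true }

Resources:
  JiraAuthRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpsListenerArn   # authenticate actions require an HTTPS listener
      Priority: 10
      Conditions:
        - Field: host-header
          Values: ["jira.example.com"]      # constructed hostname
      Actions:
        - Type: authenticate-oidc
          Order: 1
          AuthenticateOidcConfig:
            Issuer: https://login.microsoftonline.com/<tenant-id>/v2.0
            AuthorizationEndpoint: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize
            TokenEndpoint: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
            UserInfoEndpoint: https://graph.microsoft.com/oidc/userinfo
            ClientId: !Ref OidcClientId
            ClientSecret: !Ref OidcClientSecret
            Scope: openid profile email
            # Weak: "allow" forwards requests that carry no session, so
            # unauthenticated traffic still reaches the application.
            # OnUnauthenticatedRequest: allow
            # Corrected: redirect to the IdP ("deny" returns HTTP 401 instead).
            OnUnauthenticatedRequest: authenticate
        - Type: forward
          Order: 2
          TargetGroupArn: !Ref JiraTargetGroupArn
```

The rule only covers requests that pass through the ALB, so the nodes' security group should accept traffic from the load balancer alone.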