Implementing Single Sign-On for Exciting Government Agency

Meet Suzie!

AdobeStock_318178620 [Converted].png

Suzie works as an Atlassian Product Support Specialist for a highly regulated government department. Let's call them Exciting Government Agency, or EGA for short. As an Atlassian Certified Professional, Suzie is trusted to find and implement solutions tailoring the Atlassian experience to suit the business requirements and meet the regulatory needs of EGA. Over the next few weeks I am going to share some of Suzie's work stories.

The following is based on actual use cases. Only the names, locations and events have been changed. No Jira Admins were harmed in the writing of this article 😉

 

About time! With support from the IT Architects, Suzie has a request to implement Single Sign-On (SSO) for the Atlassian products she supports. Suzie knows the help desk team will appreciate the reduction in support calls about forgotten passwords. They will also be pleased to no longer have repeated conversations about why reusing passwords and writing passwords on Post-It notes are bad ideas with EGA employees. Implementing SSO will benefit employees at EGA directly as well. Unlike complex password requirements and regularly expiring passwords, SSO is something that improves the experience of employees while also improving security. 

The IT Architects have given Suzie the following requirements:

  • Kerberos authentication should be used when accessing Atlassian products within the office,
  • NTLM authentication should be available for remote users who are using a local user on their laptop rather than a domain user,
  • SSO is needed for Bitbucket, Confluence, and Jira,
  • Any apps used need to be backed by 24/7 support and preference is given to vendors with established positive reviews with at least 5 years of operation.

Most EGA employees work from their own desks in the office.  There are a growing number of employees who use laptops to work from home some or all of the time. When working remotely, these employees log in to the office VPN before accessing any Atlassian products. Past regulatory requirements required all software applications to be installed on-premise. Suzie is aware there is an infrastructure project in the early stages to move applications from their servers to data centre deployments.

Suzie goes where all Atlassian Administrators go to hunt for new apps - the Atlassian Marketplace. When looking through all the apps offering SSO, Suzie can see a lot of them support Kerberos for both Server and Data Centre but only one stands out when it comes to catering for remote users through NTLM - EasySSO by TechTime. Reading through the EasySSO listing on Marketplace Suzie also notes TechTime offers 24/7 support for their app, which has been on the Marketplace for over 10 years. They also offer EasySSO for Confluence, Bitbucket, Bamboo and Fisheye minimising the number of vendor relationships needed.

 

With a 30-day free trial of EasySSO for Jira, Suzie sets up SSO with NTLM in her Jira Server test environment following the steps outlined on how to configure EasySSO with NTLM/Kerberos on the TechTime website. The trial installation and set-up is repeated for Bitbucket and Confluence. Suzie has received positive feedback and testing sign-off from the testing team and is ready to deploy to production. The only step left on the change management process before deploying to Production is the CIO’s signature and attending the weekly change advisory board (CAB) meeting - though these steps are usually just formalities.

 

But what would a project be without a change of requirements or complication? 

After seeing RIP, Passwords: Hello, Biometrics shared on LinkedIn, the CIO of EGA wants confirmation that any tools related to product access have the ability to integrate with biometric tools. In hopes of keeping the project on track, Suzie sends an email to TechTime support to ask about biometric integration. Much to her relief, the EasySSO range of products can be configured to receive Headers and X509 requests sent from biometrics tools so go live can proceed as planned. Even better, the response from TechTime was within a couple of hours. This meant Suzie had the information she needed before CAB so her go live could proceed as planned.

Screen Shot 2020-02-17 at 3.49.52 PM.png

Whether you want to reduce the time your help desk team is spending on access and password related queries, want to get rid of the myriad of written passwords you know are scattered around your organisation, or simply appreciate the time saving that comes with SSO - be like Suzie and trial EasySSO for Server and Data Center today.

1 comment

Comment

Log in or Sign up to comment
Poorvi Jhawar
Atlassian Partner
February 18, 2020

@Kat Warner This is such a fantastic article! 

TAGS
AUG Leaders

Atlassian Community Events