OAuth/OpenID Connect: Enhancing Security and User Experience for Your Atlassian Apps

Hello Community!

As the end of Server support nears, the majority of the companies are in the process of Migration. Companies moving to Data Center have to adopt Single Sign On for their applications for greater security, improved usability, and lower IT costs. While moving to Data Center, you may evaluate whether the native OAuth/OpenID Connect (OIDC) SSO is a good option.

Atlassian’s Native OAuth/OIDC SSO is a very simple implementation that requires manual work with the overall feature set still lacking for major Enterprises. Configuring SSO in a reasonable time is not an easy job. Debugging an Authentication problem without having the right expertise is hard and for how long can you afford to investigate the problem while your users can’t access Jira? It is essential to add advanced SSO features on top of Jira and Confluence's Native SSO to keep the system secure. miniOrange OAuth/OpenID Connect SSO solution for Atlassian Data Center comes packed with a variety of powerful features.

miniOrange's OAuth/OpenID SSO allows login into Atlassian applications them being Jira, Confluence, Bitbucket, and Bamboo. All applications can be accessed with a single set of credentials, eliminating the need to repeatedly enter the credentials. 

The miniOrange OAuth/OIDC app has a rich set of features! Let's take a sneak peek into it 👀: 

1. Enhanced Security with Single Logout/OIDC Logout - As users don’t have the habit of closing their sessions in every application they are working on, the chances of cyber attacks on Atlassian applications increase.  With the OIDC logout endpoint, all applications connected to the provider get logout automatically if one logout operation is performed for any of the applications. It’s the best practice supported by OIDC protocol and allows you to close all the sessions centrally from a single application. 
2.  Managing User Permissions in Data Center - Managing users and their permissions in Atlassian applications is quite a task for admins. With automated provisioning, the administrator can manage groups in OAuth/OpenID Provider and sync or provision that in SSO-connected Atlassian applications. With miniOrange’s SSO plugin, you can choose to sync all groups or select groups from OAuth/OpenID Provider based on your requirements. You also get the flexibility to include local groups and configure a few important groups as Default groups. These groups will automatically get assigned to the user after Single Sign On (SSO).
3.  Multiple Identity Provider Support - Enterprise organizations on Data Center have a complex identity infrastructure, with a high number of identity providers (some with a custom OAuth provider) used at the same time by different branches, divisions. Thus the ability to support multiple IDPs is therefore critical for larger Atlassian customers on Data Center. With miniOrange OAuth/OIDC SSO you can add multiple identity providers and experience a smooth login experience. 
4.  Emergency URL & Group Restriction - this allows your users to access the Jira/confluence’s default login page in case something goes wrong with your identity provider. It lets you to bypass the SSO and use the local credentials.  access the Jira/Confluence's default login page even if SSO is enforced for all the users. Thinking about more security? We got you! For that you can enable group restriction upon the Emergency URL, so that only users belonging to particular groups will be able to access the default login page.
5. IDP specific documentation - With every Identity Provider having their own way of doing things, the documentation of miniOrange OAuth/OIDC SSO has a detailed the step by step process on how to set up SSO to connect with that specific identity provider.
6.  Export/Import Configuration - If you are testing the setup at your test environment, you can use the same configuration to deploy to the production environment. With exported data, administrators do not need to reconfigure the entire setting again. This reduces entire setup time and chances of messing up configuration at the very critical system. This is only accessible to the admins. 
7.  Feel good - Login, Logout and Error templates - you can easily customize Login, Logout and Error Templates. This feature will help users around the globe to configure their own template depending on their use and needs.
8.  Audit/Debug logs - the logs give you detail about any errors or issues related to the plugins’s functionality. Spotting the error will take a matter of minutes and hence you can resolve the same as soon as possible. 

So there you have it! 🙋‍♂️

miniOrange OAuth/OIDC plugin is a powerful tool that can help you secure access to your Atlassian Data Center apps from wherever your users are working. 

If you need to have a closer look at the functionality of our product to better understand how it can fit into your current resources, feel free to reach out to us at atlassiansupport@xecurify.com or click here and explore your SSO needs.