(Cloud) SSO for Portal-Only users : A Current/Definitive answer !

Andrew Hatch
Contributor
September 26, 2018

Really trying hard to figure this out, but keep hitting dead-ends. I have SSO enabled for Agents working flawlessly, but there seems to be no clear way to simply enable it for users. I can restrict new users to my domain, I can have them self-signup and generate new passwords which works fine. However, to simply have them redirected to our SSO solution (Duo), there just seems to be now clear way.

I've used Zendesk in the past that has a VERY clear option to simply select 'End-Users' and 'authentication method'. I can't seem to see anything on the JIRA Service Desk / Atlassian access portals (Using Cloud).

I notice from the support threads that pricing model/options for Identity Manager/Access have gone through some changes, so that's even more confusing. I'm reading elsewhere that we shouldn't get charged for End-Users using SSO, but I'm still completely confused as to how that's actually accomplished. Any advice ?

2 answers

1 accepted

0 votes
Answer accepted
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 27, 2018

Hi @Andrew Hatch,

Hopefully the answer to your question is pretty simple.

When you create an organization (on admin.atlassian.com), sign up for Atlassian Access, and configure SAML, all your managed accounts (which you can see at admin.atlassian.com after you have verified a domain) will have SSO applied.

You are only billed for agents. This applies to both Jira Service Desk and Atlassian Access.

So, for example, if you have 10 agents serving 100 other "customer" users at your company who only create tickets through the customer portal, and they all belong to your email domain, you will have 110 total managed accounts, but only 10 billable users. If you're paying monthly, your total bill will be $230 ($20/user for Jira Service Desk + $3/user for Atlassian Access x 10 users). The 100 users who are just creating tickets via the portal will be covered by your SSO for free, and obviously you don't have to pay for Jira Service Desk for them either.

Hope that answers your question. More info about Atlassian Access pricing here.

Regards,

Dave

Andrew Hatch
Contributor
October 4, 2018

I'm certainly happy about the billing aspect, however where I'm confused is how to set up those 100 users to actually use the SSO. I have them enrolled in a synced security group to our SSO solution (Duo), however it continues to set them up as a 'regular' users with unique logins/passwords. The only way I can get the SSO to work is if I assign a paid product to those users (like JIRA software or Confluence). 

Any chance you can advise on the specific settings required to trigger SSO for portal end-users ?

Like Steve Berno likes this
Andrew Hatch
Contributor
October 4, 2018

Note that I do see this which seems pertinent: https://jira.atlassian.com/browse/JSDCLOUD-1015 

0 votes
Jens
Contributor
September 27, 2018

I cannot answer your question (I would like to know too), but

It seems very clear that Jira Service Desk is an addon that fundamentally differs from how Jira has been designed and this gives Atlassian problems with implementing simple features that are well-designed in other service desk products. Having to jump through three different products to work on tickets (JSD), KB (Confluence) and users (Access) just shows how incoherent the solution is.

It also gives problems with the pricing model because the original per-user licensing scheme doesn't work well with a large number of portal users which is a common scenario for service desks.

Right now I think the biggest selling point for Jira Service Desk is that it is dirt cheap for small teams. It is hugely complicated to manage and it is really slow (at least for Jira on Demand).

Andrew Hatch
Contributor
October 4, 2018

I definitely feel they are moving in a positive (and sometimes super awesome!) direction with the product, but I certainly am feeling those growing pains with them. I'm an IT / ITIL guy so JiraOps is something I've basically been cobbling together with mods/addons for years anyways. I certainly respect that it's difficult to navigate the product offerings as it evolves, but this scenario was one that for Zendesk (competitor I'm evaling now) was a no-brainer. Just a checkbox for end-users to use SSO and we were done.

Hoping for a similar story to happen here :)

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events