I'm trying to find out if it is possible to log in to Atlassian services (Jira and Confluence) using the company's already existing ADFS.
I noticed the possibility for SAML single sign-on in Atlassian Access, but in the documentation they claim to not officially support ADFS (https://confluence.atlassian.com/cloud/saml-single-sign-on-943953302.html?_ga=2.100312606.1287436313.1528705498-1122072327.1528705498#SAMLsinglesign-on-Supportedidentityproviders). Could Atlassian Access still be the way to go?
I read that Jira Cloud has support for synchronization with Google's Gsuite, maybe I could enable SSO via ADFS there and then link Gsuite to Atlassian? (https://confluence.atlassian.com/cloud/security-with-g-suite-938859740.html)
I also found guides for connecting to LDAP for both Jira (https://confluence.atlassian.com/adminjiraserver071/connecting-to-an-ldap-directory-802592350.html) and Confluence (https://confluence.atlassian.com/doc/connecting-to-an-ldap-directory-229838241.html) "natively", but for both solutions I'm missing the User Directories field in admin settings. Also I'm not sure LDAP might not be supported on ADFS below version 4.0.
Lastly, if there exists an add-on from the marketplace that could be used, but the relevant ones I could find seem to be just for server and not cloud.
Any input is appreciated.
Hello everybody who is still watching this question, Atlassian has provided an official guide for the integration: https://confluence.atlassian.com/cloud/configure-saml-single-sign-on-with-active-directory-federation-services-ad-fs-975020616.html
Also, we must thank @Bill Webster for sharing his own guide for the integration! We really want to give you a little treat, Bill, let us know if we can contact you through email.
Thank you,
Rod
Atlassian Cloud Support
Hi Rod, feel free to contact me via e-mail. I'm glad this can provide value for others.
In the future, we will likely migrate to Azure AD as recommended, but we're not quite ready for that change yet.
Hi Bill and Rod,
Many thanks for this great posting, but I have a query (aimed at Rod).. the official guide (you link to above) has section 2 under "Prepare your Atlassian Organization" saying "Subscribe to Atlassian Access". This is something I don't want to do.. do I have to just to get SSO working?
Thank you both for your contribution. It is much appreciated.
Lloyd
Hi Lloyd,
We only provide SAML as the means to integrate with other Identity Providers on the Cloud for SSO. SAML is a feature of Atlassian Access, hence you would need to subscribe.
Access has some additional features that might be useful for you too, such as user and group provisioning through SCIM, overall audit logs for sites under your Atlassian organization, etc. More details at https://www.atlassian.com/software/access.
You can trial it for 30 days and it's important to highlight that you won't be billed for Access for the Service Desk only users with Atlassian accounts (a customer without licenses to products).
We hope this clarifies your concerns!
Rod
Hi Rod,
Thank you for replying.
The reason I asked the above question is that I have been in discussion with Ariel Munchrath (Atlassian Customer Advocate II) and tried to explain that much as I'm sure Access is a wonderful product... I don't want all the bells & whistles.. I just want SSO and I'm pointing out that the documentation (like a lot of Atlassian documentation) doesn't tell the whole story and clouds the issue by toeing the company line and not telling the customer what they need to know as in... "Subscribe to Atlassian Access"... why? SAML should work fine. Also.. despite being $3pm... it's not cheap for something I want, that could be free.
So in answer to your question.. it clarifies that Atlassian bundles stuff you don't want, with (free) stuff that you do and charges. $36 pa, per user.
If you do have a way of setting up SSO in the cloud without using Access.. that would be great!
Finally, I am grateful for your contributions to the forum; Thank you.
Best regards
Lloyd
Aminu lolo
Hi, buddy,
May I know if integrating with ADFS can grant projects to an LDAP group? It seems there is LDAP group mapping in claims.
Thanks
Mr. Tunstad, any luck so far with the resolution of being able to use the Jira / Confluence cloud login with ADFS? I was searching for a similar solution and came across this page.
I came across this post while trying to solve this issue for myself. It's kind of late but I was able to get it working.
I followed their documentation and then these additional steps:
- Added E-Mail Address to the claim rule
- Added a transform claim rule to transform E-mail Address to Name ID with the outgoing name ID format of Email.
Hello Bill, I would really appreciate it if you could give me a little more detail on how you have configured ADFS.
Thanks
On the Atlassian side (In https://admin.atlassian.com on the SAML single sign-on settings), I set the SAML configuration as shown below:
Identity provider Entity ID: http://adfs.domain.com/adfs/services/trust
Identity provider SSO URL: https://adfs.domain.com/adfs/ls/idpinitiatedSignon.aspx
Public x509 certificate: I pasted in the ADFS token signing certificate after exporting it to a base 64 encoded .CER
Also on this page, you'll need to copy the SP Entity ID and SP Assertion Consumer Service URL.
When you set up the relying party in ADFS, you'll need to use the SP Entity ID as the Relying party identifier as shown here:
You'll need to use the SP Assertion Consumer Service URL on the Endpoint properties:
From there, I added 2 claim rules as shown here:
- Send LDAP Attributes
- Transform an Incoming Claim
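
The two claim rules described in the posts above, written out in the AD FS claim rule language and applied with PowerShell. This is an added example, not part of the original posts or of Atlassian's guide. It assumes the relying party trust already exists under the placeholder display name `Atlassian Cloud`, and that "E-Mail Address" is sourced from the AD `mail` attribute.

```powershell
# Added example: apply and verify the two claim rules on an existing trust.
# Run on the primary AD FS server in an elevated session.
$rpName = 'Atlassian Cloud'   # placeholder display name (assumption); use your own

# Rule 1: LDAP mail attribute -> E-Mail Address claim.
# Rule 2: E-Mail Address -> Name ID with outgoing format "Email".
$rules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Send LDAP Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
          query = ";mail;{0}", param = c.Value);

@RuleTemplate = "MapClaims"
@RuleName = "Transform an Incoming Claim"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer,
          Value = c.Value, ValueType = c.ValueType,
          Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"]
            = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }

Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $rules

# Re-read the trust and show the values that must match the Atlassian side:
# Identifier = SP Entity ID, endpoint Location = SP Assertion Consumer Service URL.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
$rp | Select-Object Name, Enabled, Identifier | Format-List
$rp.SamlEndpoints | Select-Object Protocol, Binding, Location | Format-Table -AutoSize

if ($rp.IssuanceTransformRules -notmatch 'nameid-format:emailAddress') {
    Write-Warning 'Name ID rule with Email format is missing from the trust.'
}

# Token-signing certificate that was exported and pasted into admin.atlassian.com.
# Compare the thumbprint with the uploaded one; an expired or rolled-over
# certificate makes the service provider reject signed assertions.
Get-AdfsCertificate -CertificateType Token-Signing |
    Select-Object IsPrimary, Thumbprint, @{n='NotAfter'; e={$_.Certificate.NotAfter}}
```

Because the Name ID is the user's e-mail address, the AD `mail` value is what binds an AD FS login to an Atlassian account, so write access to that attribute should be restricted accordingly.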