You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Azure Active Directory is a popular SAML 2.0 service. The following is an example of how we have tested and configured Azure with Jira Align. Please review the following example and adjust as needed for your organization's security policies and practices.
1. Sign into Azure and click on Azure Active Directory.
2. Select Enterprise Applications from Manage in the left column.
3. Click on New application.
4. Select Non-gallery application.
5. Name the application something relevant to your organization and/or the application itself and click Add. In this case, we've named it JiraAlign.
Note: Any spaces in the name will cause issues with the Login URL later so it's best to just avoid them.
6. Under the Getting Started section, click on 1. Assign users and groups.
7. Click Add user and add Users as needed. You need at least one User to test SSO and you can go back and add more later if you want.
8. On the Add Assignment screen, you can select the users you want, click Select and Assign.
9. The user(s)/group(s) should show up on the Users and groups pane now.
10. Click on Single sign-on and SAML.
11. In Section 1: Basic SAML Configuration, edit the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) to both be the Jira Align instance:
Alternatively, you can upload the metadata file by copying the Show Jira Align Saml 2.0 Service Provider metadata from Jira Align (Administrator > Platform > Security) and save as an XML file.
12. In Section 3: SAML Signing Certificate, edit and change the Signing Option to Sign SAML response and assertion. Click Save.
13. Also, in Section 3: SAML Signing Certificate, click Download next to Federation Metadata XML to use in a later step.
14. Please note that Azure has made some recent changes surrounding Logout URL. Please use the provided URL below and also read through the "Sign Out URL" section at the end of this article.
15. In the left hand menu under Manage, click Properties and copy the User Access URL for use in a later step. User Access URL will start with https://myapps.microsoft.com/signin.
16. Sign into Jira Align and click Administration > Platform > Security.
17. Click Add SAML Provider.
18. Paste in the SAML 2.0 Metadata from Azure (Step 13 from earlier).
19. Click Save & Close.
20. Set Enable SSO to Yes.
21. Click Save Settings.
22. Open up an incognito window in your browser and navigate to the User Access URL from Azure (Step 15 from earlier).
You'll need to open a ticket with Jira Align to regain access if you get locked out while Disable Manual Sign In is turned on.
If for some reason your Sign In or Sign Out URL contain encoded characters (Example: %20 for space), you'll need to replace that with the non-encoded equivalent.
To change the default roles assigned to new users, please navigate in Jira Align to Admin > Connectors > Jira Settings > Jira Setup.
Scroll all the way to the bottom and review the Default System Role for New User(s) and Default Team Role for New User(s).
Also please review this article for more specifics on System Roles vs Team Roles.