Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,413,967
Community Members
 
Community Events
170
Community Groups

Single Sign On (SSO): Configuring Multiple Identity Providers and Transitioning Metadata

The Jira Align SAML 2.0 IdP (Identity Provider) initiated SSO Solution can support multiple identity providers as needed.  The following article will cover how to support multiple identity providers and how to transition to a new identity provider or make general modifications to the identity provider metadata.

 

Supporting Multiple Identity Providers or Multiple Configurations from a Single Identity Provider

  1. Configure your first Identity Provider SSO Solution as per https://community.atlassian.com/t5/Jira-Align-articles/Video-How-to-enable-single-sign-on-SSO-with-Jira-Align/ba-p/1296205 and https://agilecrafthelp.zendesk.com/hc/en-us/articles/115000374174-10X-Jira-Align-SSO-Support
  2. Create a second set of IdP metadata in your original IdP or an additional IdP
  3. Navigate to Jira Align Admin > Platform > Security > Click “Add SAML Provider” and paste in the 2nd set of metadata

image.png

Notes:

  • The “Sign in URL” field will be grayed out until “Disable Manual Sign In” is set to Yes.  It is recommended to validate SSO configurations before setting “Disable Manual Sign In” to Yes
  • Jira Align only supports a single “Sign in URL” redirect which means users will need to navigate directly to the sign in URL of additional IdP configurations.  A good technique for doing this is users adding the additional IdP configuration sign in URLs to their browser favorites.

 

Transitioning Metadata for Updates (accounting for the agilecraft.com to jiraalign.com domain change).

Option 1:

  1. Have your SSO engineer create a new SAML 2.0 SSO configuration in your IdP utilizing your new site URL as the Entity ID and Assertion Consumer Service Location. 
  2. If the original Entity ID and Assertion Consumer Service Location you utilized for SSO was https://www.customer.agilecraft.com the new value for Entity ID and Assertion Consumer Service Location would be https://www.customer.jiraalign.com.  Ensure that the SAML signature policy is set to sign both the Response and Assertion. 
  3. Copy the newly created Jira Align IdP metadata and navigate to Jira Align Admin > Platform > Security > Click “Add SAML Provider” and paste in the newly created Jira Align metadata
  4. Validate the newly created Jira Align domain SSO configuration using the sign in URL from your identity provider
  5. When ready to transition replace the *agilecraft.com “Sign in URL” under Jira Align Admin > Platform > Security with the newly created jiraalign.com sign in URL. 
  6. Revalidate the SSO solution and remove the original *agilecraft.com metadata from Jira Align Admin > Platform > Security

 Option 2:

  1. Have your SSO engineer update the existing SSO SAML configuration by replacing the agilecraft.com Entity ID and Assertion Consumer Service Location URL with the jiraalign.com domain
  2. Validate the SSO solution now authenticates into the jiraalign.com domain

Notes: If Manual login is disabled and SSO is reconfigured to the jiraalign.com domain name, any links to the agilecraft.com domain such as Jira weblinks or links within email notifications will only work if your SSO solution has a proper relay state configured.  The Jira Align team is currently working on a solution to mass update Jira weblinks.  In the meantime customers can request a redirect from the agilecraft.com to the jiraalign.com domain after re-configuring their SSO solution in case of any legacy agilecraft.com links.  

2 comments

Hi @Tim Keyes this article is using imgur. Could the image hosting be updated on this one please? Many thx

Like Tim Keyes likes this
Tim Keyes Atlassian Team Oct 21, 2020

Hi @Karalee Kikiros

Thank you for the note.  I hope all is going well!

I have updated the image hosting on the article.  The rest of the articles should be good to go, but please reach out if you encounter another one.

Cheers!
Tim

Like Karalee Kikiros likes this

Comment

Log in or Sign up to comment
TAGS

Atlassian Community Events