Hi all,
Our project has it;s own token server built on IdentityServer, so it's fully OAuth/ OpenID Connect compliant. Is there any way to authenticate users using that?
I've seen something about using a online directory like Okta, but we have our own (fully standards compliant). It would be very userfriendly if Jira would trust that external identity provider to authenticate customers.
I haven't found anything to that effect but maybe I missed it.. Does anyone have any ideas towards that? Technically it shou;dn't have to be that hard..
Hello, @Gert-Jan van der Kamp
I am pretty sure the SP doesn't actually care what the IdP is, as long as it follows the standards in its responses.
If yours is fully compliant then it should just work. Have you actually tried and found problems?
I suppose you will have to figure out the IdP side of the setup by yourself though, and since it's proprietary – you are unlikely to get help from anywhere...
Hi sorry for late reply I got distracted. What is SP exactly and where could I find that setting? Thanks in advance, GJ
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SP = "Service Provider" in this case Atlassian Access.
IdP = "Identity Provider" in this case your own token server.
If IdP follows the standard, there is not way for a SP to tell what exactly it is talking to. So if you figure out how to configure your IdP to talk to Atlassian Access it will work.
The main issue here is that Access does not support OIDC, only SAML.
If you trust 3rd parties to handle your authentication you can work it via a bridge, see here: https://community.atlassian.com/t5/Atlassian-Access-articles/Log-into-Atlassian-Cloud-using-External-OAuth-OIDC-Provider/ba-p/1731169
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That's a great article thx. It does seem however this is not supported out of the box so that's less good news. I may have to park this for now. Guess having people enter their email for their first issue good enough for now. Thanks!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.