Automated User Provisioning and SSO with JumpCloud

Chase Doelling
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 10, 2023

This post will demonstrate how to provision users and allow single sign-on (SSO) access into Atlassian Cloud with JumpCloud, an officially supported IdP for Atlassian

 

In order to begin there are a few prerequisites to set you up for success including:

 

Steps 1-3: Walks through how to configure SSO through SAML 2.0

Steps 4-5: Walks through how to configure automatic user provisioning through SCIM 

 

Step 1 - Configure Your Atlassian Cloud Application in JumpCloud

  • Login to the JumpCloud admin portal 
  • Click on ‘SSO’
  • Click on (+) and search for Atlassian Cloud or select from the featured applications section above
  • Click ‘configure’ 


image3.pngimage4.png

  • In the ‘General Info’ section enter a display label that will appear below the icon.

image7.png

Step 2 - Setting Up SSO in JumpCloud 

 

Within the application configuration next click on the ‘SSO’ tab. Here we will configure the SAML 2.0 settings to allow users SSO access in their JumpCloud user portal. To begin:

 

  • In IdP Entity ID, replace YOURDOMAIN with your domain that you have verified.
  • For Default RelayState,  replace YOUR_ORG_NAME with your Atlassian site domain.
  • For the IDP URL, you can replace it with your Atlassian site domain or leave as the default ‘atlassiancloud’
  • Then click ‘activate’
  • After the application generates the IdP certificate, download the certificate from the upper right hand side of the screen.
  • Finally, open the Atlassian connector again and copy the IDP URL for the next step
  • Keep this tab open :)

 image1.png

 

Step 3: Configure Atlassian Access

  

  • Login to the Atlassian admin console. 
  • Go to Security > SAML single sign-on.
  • Click Add SAML configuration. 

image5.png

  • In the Identity provider Entity ID field, enter the IdP Entity ID from JumpCloud.
  • In the Identity provider SSO URL field, enter the IDP URL from JumpCloud.
  • In the Public x509 certificate field, enter the contents of the certificate you downloaded
    • You might need to open a plain text/code editor
  • In the "Information required by your Identity Provider" section, you will see information displayed for:
    • SP Identity ID
    • SP Assertion Consumer Service URL (ACS URL)
  • Copy the SP Identity ID and the SP ACS URL  values for use during configuration of the JumpCloud SSO Application Part 2.
  • Click save configuration.
  • Keep this tab open 

 image9.png

Finish Configuring the JumpCloud SSO Application 

  • Open the Atlassian connector in JumpCloud. 
  • For SP Entity ID, enter the SP Identity ID from Atlassian.
  • For ACS URL, enter the ACS URL from Atlassian. 
  • Click save. 

 

Step 4: Set Up User Provisioning & De-provisioning

In the Atlassian Admin tab, ensure that you have verified your domain (this can take up to 72 hours to verify).

  • Click the ‘Security’ tab
  • Click the ‘Identity Provider’ tab and then ‘Add Identity Provider’
  • Select JumpCloud from the drop down and enter a directory name or just name it ‘JumpCloud’
  • Then connect your JumpCloud provisioning by clicking on Provision Users

 image2.png

  • Copy and paste the two fields of SCIM base URL and API key into your Atlassian connector in JumpCloud under the ‘Identity Management’ field.

image6.png

 

Step 5: Enable Atlassian Identity Management in JumpCloud

 

  • In the Atlassian connector you enabled for SSO, click ‘Enable management of User Groups and Group Membership’ if you want to provision, manage, and sync groups.
  • You're presented with two fields:
  • SP Base URL: Paste the Directory Base URL you saved when you created the Directory for JumpCloud in Atlassian Cloud
  • SP API Token: Paste your Atlassian Cloud API Key
  • Click Activate

 

image8.png

  • You’ll receive a confirmation that the Identity Management integration has been successfully verified and a Public Certificate is created. You can download the certificate from here.
  • Click save.
  • After the application is saved, it will appear in your SSO Applications list. You can now connect user groups to the application in JumpCloud to provision and provide user access to Atlassian Cloud.

 

image (1).png

 

Attribute Mappings 

The following table lists attributes that JumpCloud sends to Atlassian Cloud.


 

JumpCloud Property

JumpCloud UI Attribute Name

Value and Validation in JumpCloud

Atlassian Cloud Attribute

email

Company Email

string

emails: value

username

Username

string

username

firstname

First Name

string

name.givenName

lastname

Last Name

string

name.familyName

suspended

suspended

boolean

active:false = inactive

created

Created Date

string

default

_id

Object ID

string

SCIM user id

middlename

Middle Name

string

name.middleName

displayname

Display Name

string

name.displayName

company

Company

string

organization

jobTitle

Job Title

string

title

department

Department

string

department

addresses: locality

 

string

address

phoneNumbers: type [=work phone “business”]

Work Phone

string

phone

phoneNumbers:number

Work Phone

string

phone

 

0 answers

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events