Can you configure SSO access to Atlassian Service Desk with Azure AD B2C?

Rob Wright February 13, 2020

Is there an option to use Single Sign On (SSO) for the Service Desk product with an Azure AD B2C tenant as the Identity Provider?

 

Here is what we are trying to achieve.

Our application is configured to sign in with user identities in our B2C directory. We would like to add Service Desk as another application for those same user identities with the same credentials.

1 answer

0 votes
James Yip February 15, 2020

You need Atlassian Access to do that. We have done it and it is working great.

Rob Wright February 25, 2020

@James Yip, would you be able to provide any further insight into what you configured to get this working?

Rob Wright February 25, 2020

Thanks, that is the reference I was using when I attempted to get this working. Just to confirm, you got this to work with custom policies and Azure AD B2C?

I am looking for a solution that allows us to use users in the B2C tenant who sign in using their email address (this includes domains that can't be verified); these are customer addresses.

James Yip February 25, 2020

The process is the same, as Azure AD B2C is nothing but the same Azure AD. See if this helps. If not, you can PM me to see if we can help you. ;-)

https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers

Ajay Wadhawan July 15, 2020

Hi James:

I followed the document you suggested, but I had a few questions. How do you set up the output claim for "Unique User Identifier" in the journey for the SAML policy?

Also, how do you set up the return URL in the SAML app registration in the Azure B2C portal? It does not allow query strings.

"replyUrlsWithType": [
    {
        "url": "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",
        "type": "Web"
    }
]

 

Any help will be appreciated. 

Ajay DevPro July 16, 2020

James, how can I get in touch with you? The major blocking issue for us is how to set the SP Entity ID in Azure B2C. I am not sure where I can set this information in my SAMLApp.

James Yip July 16, 2020

May I know where you specify that JSON setting? It should not be required.

Ajay Wadhawan July 17, 2020

I am getting a "trouble logging in" error ("Try logging in again"). I am wondering which of the 2 issues is causing it.

1. The Atlassian SAML configuration page says it expects the SP Entity ID from the provider. I have now put the value (https://auth.atlassian.com/saml/1ea877e2-b5d4-49f1-934b-dfed83XXXX6) in the URI key in the Metadata section in the technical profile of the IdP. Do you set this value in your claims policy?

The other issue is the replyUrl in the SAMLApp manifest: how do we set something with the query string?

"replyUrlsWithType": [
    {
        "url": "https://auth.atlassian.com/login/callback?connection=saml-1xxxxx XXXX",
        "type": "Web"
    }
]

 

Any help will be appreciated. It is comforting to note you have managed to enable this.

Ajay Wadhawan July 17, 2020

Hi James, a quick update:

I added

<Item Key="IssuerUri">https://auth.atlassian.com/saml/1ea877e2-b5d4-49f1-934b-dfed837fde26</Item>

This seems to have solved my first problem.

The only issue I see now is how to give the correct value of replyUrlWithType in the SAMLApplication manifest in Identity Experience Framework/ApplicationRegistration. Can you share your implementation's replyUrlWithType with the numbers munged? Does it have a query string? Details below for others.

Thanks

Ajay

 

Now I see the error is about the SP Assertion Consumer Service URL: https://auth.atlassian.com/login/callback?connection=saml-xxxx-xxxx-xxxx-xxxx-xxxxxx

I see the error below:

https://id.atlassian.com/login/callback?continue=https%3A%2F%2Fadmin.atlassian.com%2Fo%2F%2Fsaml%3Fare%3Daid&error=unauthorized&error_description=Application%20registered%20corresponding%20to%20IssuerUri%20%22https%3A%2F%2Fauth.atlassian.com%2Fsaml%2Fxxxxxx-xxxx-xxxx-xxxx-xxxxxxx%22%20in%20AuthRequest%20does%20not%20have%20assertion%20consumer%20service%20URL%20%22https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback%22%20specified%20in%20its%20metadata.&state=eyJ1c2V

Ajay DevPro July 20, 2020

Hi James, I would really appreciate it if you could show us how to set replyUrlwithType in the SamlApp manifest. It would be great.

Ajay Wadhawan July 21, 2020

I am concluding this implementation is apparently not possible, unless some special allowances were made for James's company. Can anyone from Atlassian speak about this?

Rob Wright July 21, 2020

Ajay, we gave up on this too.

James Yip July 21, 2020

First, I'm using Azure AD, not Azure AD B2C. This is the guide for Azure AD:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/atlassian-cloud-tutorial

 

@Ajay Wadhawan For the URL, it should be https://id.atlassian.com/login/saml/acs


Ajay DevPro July 21, 2020

I guess there is some confusion. This thread was for configuring Azure B2C. Also, the link you mention above is for Azure B2C. https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers.

Azure B2C does not involve using a specialized configuration app written by Atlassian. 
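
A diagnostic sketch for the redirect error quoted in the thread, added here as an example and not code from any poster, Atlassian or Microsoft: it decodes the error_description and compares the ACS URL named there with the reply URLs from an app manifest. The sample redirect, the placeholder IDs, the function names and the exact-string comparison are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample modelled on the redirect quoted in the thread; the
# IDs are placeholders, not real values.
SAMPLE_REDIRECT = (
    "https://id.atlassian.com/login/callback?error=unauthorized"
    "&error_description=Application%20registered%20corresponding%20to%20"
    "IssuerUri%20%22https%3A%2F%2Fauth.atlassian.com%2Fsaml%2FPLACEHOLDER-ID%22"
    "%20in%20AuthRequest%20does%20not%20have%20assertion%20consumer%20service"
    "%20URL%20%22https%3A%2F%2Fauth.atlassian.com%2Flogin%2Fcallback%22"
    "%20specified%20in%20its%20metadata."
)

ERROR_RE = re.compile(r'IssuerUri "([^"]+)".*assertion consumer service URL "([^"]+)"')


def parse_saml_error(redirect_url):
    """Decode the redirect and pull out the issuer and ACS URL it names."""
    params = parse_qs(urlsplit(redirect_url).query)
    description = params.get("error_description", [""])[0]
    match = ERROR_RE.search(description)
    return {
        "error": params.get("error", [None])[0],
        "issuer_uri": match.group(1) if match else None,
        "acs_url": match.group(2) if match else None,
    }


def compare_reply_urls(acs_url, reply_urls):
    """Classify each registered reply URL against the ACS URL in the error."""
    results = {}
    for url in reply_urls:
        # Assumption: the identity provider compares the strings exactly.
        without_query = urlsplit(url)._replace(query="", fragment="").geturl()
        if url == acs_url:
            results[url] = "exact match"
        elif without_query == acs_url:
            results[url] = "differs only by query string"
        else:
            results[url] = "no match"
    return results


if __name__ == "__main__":
    info = parse_saml_error(SAMPLE_REDIRECT)
    registered = ["https://auth.atlassian.com/login/callback?connection=saml-PLACEHOLDER"]
    print(info, compare_reply_urls(info["acs_url"], registered))
```

With the sample input, the ACS URL named in the error carries no query string, while the registered reply URL does.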
