Hi there,
I'm looking to migrate our Jira Service Desk from server to cloud. I'm having some issues with how to get SAML SSO set up for a district of schools that I work for. I can set up SSO using Azure AD, but each site in the district has a separate Azure AD tenancy. Atlassian Access appears to only allow a single SSO provider at a time per organisation.
I can think of 3 solutions but I might be missing something so any help is appreciated.
Hi @[deleted] ,
Unfortunately we don't support the ability to split users on the same domain across different SAML configurations. However this is on our roadmap to address in the near future: https://jira.atlassian.com/browse/ACCESS-572
If each school's users are on a separate email domain, you could create an organization for each school. Atlassian Access is billed per user, so the licensing cost would be approximately the same. I don't think there would be any difference in licensing cost whether your identity provider is Azure AD or Okta.
Hi Dave, has engineering nailed down a date when this functionality would be in JIRA?
Hi @Dan Brewerton ,
We're actively working on this project; however the ability to set up multiple SSO providers is only slated for the final milestone. We're hoping to have this done in the first half of 2021.
Multiple tenants could be federated into Azure B2C. In fact, we are trying to use Azure B2C since we want to work across multiple identities and log into Atlassian cloud.
Wondering if Azure B2C as a SAML provider has been successfully implemented.
Hi @[deleted] ,
You can take a look at some sort of bridge or connector between Atlassian Access and the Azure AD(s), where the connector will take care of the multiple Azure AD SSO configurations and act as a single IDP for Atlassian Access.
FYI,
I work for miniOrange, one of the top SSO vendors in the Atlassian Marketplace, and we have a module (broker service) that helps you to achieve your use case. It is available in both cloud and On-Premise versions.
Please check the docs for more details.
https://idp.miniorange.com/docs/single-sign-on/identity-broker-service/
Feel free to reach out to miniOrange support in case you need help with the configuration or have any other questions.
Hello @Dave Meyer
I have carefully read the initial comment, and the scenario that he mentions does not correspond to the feature that you indicate and that is currently on the roadmap [ACCESS-572]. There they talk about having different IdPs (Google, Microsoft...) at the same time on the same organization/tenant, but what he is initially asking for is to have the same IdP (Microsoft AAD) but for different tenants/directories. I think it corresponds to this ticket: ACCESS-885.
I have the same situation as him.
@Carlos Sancho Écija the work that we are doing to support multiple SAML and SCIM configurations for an organization will be applicable whether it's multiple connections to the same IdP or if the organization is using different IdPs. From the Atlassian perspective, it's irrelevant.
Great! Thank you for your answer. Is there a release date for this feature?
Hi @Aleksandra Kakol , it's currently in early access. You can contact a member of our team to request to be enrolled. See the message here: https://jira.atlassian.com/browse/ACCESS-572?focusedCommentId=3005741&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3005741