Jira Okta integration

In this page you can learn how to integrate Okta with your Atlassian applications (like Jira, Confluence, or Bitbucket) using our SAML SSO apps. This plugin provides immediate access to the Atlassian stack to your end users and a consistent log in experience.

If you need help or have questions with Okta or with a different Identity Provider,  you can contact us via our help desk or book a free screen share session at https://resolution.de/go/calendly.

Similar guides for most Identity Providers can be found on the left panel of this documentation.



Step-by-Step Guides for Integrating Okta with SAML2

Okta Jira integration with user directory synchronization

Based on your user provisioning requirements, pick one of the following step-by-step guides.

In most cases, we recommend using Okta with User Sync.

Setting up User synchronization with Okta, as well as authentication via SAML 2.0

  • Okta with Just-In-Time Provisioning
    Setting up authentication via SAML 2.0 with Okta and using Just-in-Time Provisioning to create/ update user accounts during login. This method enables the values contained in the SAML attributes.

  • Okta with Manual Provisioning
    Setting up authentication via SAML 2.0 with Okta for users that already exist in the Atlassian product.

Some important notes:

  • User Sync functionality is currently only available for Jira, Confluence, Bitbucket, and Bamboo.
  • Fisheye only supports Manual User Management.

Step-by-Step Guides for Integrating Okta with OpenID Connect


Setting up User synchronization with Okta, as well as authentication via SAML 2.0

  • Okta with Just-In-Time Provisioning
    Setting up authentication via SAML 2.0 with Okta and using Just-in-Time Provisioning to create/ update user accounts during login. This method enables the values contained in the SAML attributes.

  • Okta with Manual Provisioning
    Setting up authentication via SAML 2.0 with Okta for users that already exist in the Atlassian product.

Some important notes:

  • User Sync functionality is currently only available for Jira, Confluence, Bitbucket, and Bamboo.
  • Fisheye only supports Manual User Management.

Which Step-by-Step Guide you should pick?

Depending on your Atlassian products and how you want to manage users, you can choose from different user provisioning models. 
We recommend using User Sync since it is easy to set up and maintain. Most customers with the goal of automating access management pick this method.

User Sync can also be used to migrate existing users from other directories, without breaking references to tickets, pages, repositories, etc.
You can take a look at this article for reference. Don't hesitate to reach out, if you need help with that.

In general, with Okta we support the following methods for user provisioning:

  1. User Sync - allows to sync users periodically from Okta, but also when they log in for the first time into your Atlassian product. See our detailed article for User Sync.
  2. Just in Time Provisioning - allows to create and update users on the fly when they log in. See our detailed article for JIT.
  3. For Manual User Management, the administrator has to create and update users on Okta and your Atlassian product manually
    We do not recommend it. See our article for Manual User Management.

Overview of the different approaches to integrate users from an Okta cloud directory

Model/FunctionAdmin Effort(tick) Pros and Feature Highlights(error) Cons

User Sync


Low
  • Uses Okta API to perform regular sync
  • Users and groups created & updated shortly after done in Okta
  • Users in the Atlassian application can be disabled as a result of the sync, saving licenses
  • Additional attributes can be written to Jira user properties
  • Identity Provider must have a public API
Just in Time Provisioning

Medium

  • Creates & Updates users based on information in the SAML Response during Login
  • Users are only created on their first Login.
  • Users & Groups are updated only during SAML authentication
  • Users can't be deactivated
Manual User ManagementHigh 

  • No initial configuration is required to provision users
  • No sync between Okta and Atlassian application happens
  • Needs manual maintenance of two user bases (or is done via custom developments)

Differences with free Okta plugins for an Jira and Confluence on premise

Our SAML SSO apps are the most popular method to integrate Okta with Jira, Confluence, or Bitbucket. Customers can also create a Jira Okta integration or a Confluence Okta integration with the free plugins published by Okta. However, these plugins are not fully maintained and have very limited functionality, mostly limited to authenticating all the users.

On the contrary:

  • Our plugins are fully supported and compatible with all the newest versions of Atlassian applications
  • We conduct state of the art tests to ensure that our products have no security loopholes, and provide immediate fixes when such a loophole is identified
  • Our customers enjoy a great freedom to decide how they want to configure Single Sign On to best meet their requirements – no matter how intricate or complex
  • Lastly, users can easily be provisioned, updated and deprovisioned directly from Okta once it has been integrated with your Atlassian tools