AWS ALB & Amazon Cognito AuthenticationAWS ALB & Amazon Cognito Authentication
Try For Free

Azure and ALB Setup

Goal

After completing this guide, you will have set up Azure and your ALB for the AWS ALB & Amazon Cognito Authentication app.


Prerequisites

This guide assumes the following:

  • A (trial) subscription for the AWS ALB Auth app

  • Admin access to your Atlassian product and AWS

Guide

  1. Go to https://portal.azure.com, then to Azure Active Directory and choose App registrations.

    App registrations Azure



  2. Then click New Registration
    2 new app2.png

  3. Enter a name for the app. Now, add the Redirect URI https://<baseUrl>/oauth2/idpresponse and substitute <baseUrl> with the baseUrl of your instance.

    Add name for the app and add the redirect uri



  4. Copy the Directory (tenant) ID, as well as the Application (client) ID into your favorite text editor. We will need it later.

    copy the directory tenant id and application client id.



  5. Now go to Certificates & secrets and click New client secret.

    5 1 screeet2.png



  6. Add a Description for the secret and an Expiry. If you do not want to interrupt your service, choose Never and click Add

    Add description , Expiry and click Add



  7. Now, the secret will be displayed once. Thus, click the copy button near the Value column and add this to your text editor as well.

    Copy the password value



  8. Next, click Token configuration and then Add optional claim.

    Go to token configuration and click add optional claim



  9. For the type choose Access - for some reason, the ALB will ignore ID tokens. For this tutorial series, we assume that you use the user principal name for the username in your Atlassian application. Thus, click upn from the list and confirm by clicking Add.

    6 2 token2.png



  10. Azure will now ask you to add permissions to retrieve the claims from before. Select Turn on the Microsoft Graph ... option and click Add.

    Turn on graph permissions



  11. For the next steps, go to the AWS management console at https://console.aws.amazon.com/ and go to the Load balancers options.

    Select the load balancer which manages your Atlassian product, go to Listeners and click View/edit rules for the listener.

    Go to alb and view rules



  12. On the rules page, click the edit tab. Next, search for the rule of your Atlassian product and select the edit icon.

    Go to edit mod




  13. Select Add action and choose Authenticate.

    Click Add Action and click authenticate



  14. Next, choose OIDC for the type of the authentication.

    Choose OIDC



  15. Now we need to add the urls. You need the Directory Tenant ID, and Application Client ID, as well as the secret.

    Fill fields.

  16. Next, expand Advanced settings and set the scope to "openid profile". (Without quotes. The space between the two words is important!!). Click the checkmark button.
    Don't forget to select the load balancer below under Forward to

    10 2 scope2.png



  17. For the last step, click Update to save your settings. Please note that it will take some seconds until this will be enforced.

    Click Update



Further configuration

Please see (3.0.x) User Provisioning to learn about user provisioning, e.g. by claims or with an identity provider

This site uses cookies to deliver its service & to analyse traffic. By browsing this site, you accept the privacy policy.

Our Wiki uses cookies

We want to give you the best possible experience on our website. For this we use technically required cookies and, if you agree, cookies for analysis and marketing purposes. You can find more information about the cookies in our Privacy Policy. By tapping ‘Accept All,’ you consent to the use of these methods by us and third parties.

Necessary
Always Active
Analytics
Advertisement
Other