Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Organization Assignment
Prerequisites
Please note that Organizations are only available for Jira Service Management (JSM). Organizations are groups of customers that can be associated across multiple projects. By adding an organization to a project, its members gain the ability to raise requests within the project and share these requests with others in the same organization.
Starting with SAML SSO version 2.2.0, Service Desk customers can now be automatically assigned to organizations during SSO.
This only applies to logins with a request-URL containing /servicedesk/customer/portal Should you test your configuration with a login URL not containing the above, neither organizations will be created nor assigned.
You can also enable SSO redirection for users in the redirection tab of the plugin configuration ("Redirect Jira Service Management Portals"). The "Redirect Jira Service Management Portals" section provides options to configure whether users are redirected to the Identity Provider (IdP) when accessing Jira Service Management portals, including: not redirecting any portals, redirecting all portals, redirecting only selected portals, or redirecting all except certain selected portals.
Configuration Guide for Organization Names
You can configure organization names in one of two ways: either by setting them directly in the configuration or by reading them from an attribute in the SAML response.
Reading organizations from SAML response attributes
In the settings (as shown in the screenshot below), you can define a custom attribute key to capture the organization name. If the IdP metadata includes organization name claim attributes, these attributes will be available in a dropdown list. If no attributes are available in the metadata, this dropdown will not appear.
Adding more organizations
You can also add one or more organization names, to which customers will always be assigned.
Simply use the + button beside "SD Customer Organizations", remove unwanted entries with the - button.
If an organization does not exist, the assignment is skipped unless Add nonexisting Organizations is enabled.
Transforming organization names with regular expressions
You can add one or more rules to transform the organization names from the SAML response according to your requirements.
In the example below, the term "org" is replaced with "servicedesk".
By checking "Skip untransformed Organizations" you can prevent untransformed names to be used.
This might be important, if you need to enable "Add non-existing organizations".
Creating organizations with the SAML SSO app
Prerequisites
As mentioned earlier, organizations can be created automatically. For that to work, an administrator user with "JIRA Service Desk" application access must exist.
Only starting with version 3.1.0, the plugin will try to find the first an administrator user with this permission. In older 2.2.x and 3.x versions, it was using the first
to be found. This was sometimes a problem, as it was not guaranteed that the user has service desk application access, and hence caused creation and assignment to fail.
Organization creation and service desk projects
As of now, organizations created by the plugin will be assigned to all non-archived service desk projects and only, if the administrator user has access to these
service desks. This is usually the case, unless you have a number of administrator users with limited permissions to some of these projects.
There will be more control over automated creation of service desk organizations in a later version of the plugin.
If you are using the Adaptavist script runner plugin, you could work around that current limitation already today.
You can also remove an organization from a project if you don't want it to be assigned to it or delete the organization completely.
All these actions can be found in the "Customers" section of each Service Desk project.
Please note, that organizations created with the add-on prior version 2.3.4 were not correctly assigned to the Service Desk projects.
You can fix this by manually adding the organization again to your Service Desk project(s).
You'll see that it is already available via autocomplete.
As soon as you did this, even the customers assigned to it with a version prior 2.3.4 will be visible in that organization again.