SAML Single Sign-OnSAML Single Sign-On
Try For Free

Auth0 with Manual Provisioning

Goal

After completing this setup guide, you will have setup Auth0 with Manual Provisioning and your Atlassian Server or Data Center product for the SAML SSO app. Additionally, you will test SSO and enable the SSO redirection.

Prerequisites

To use the SAML SSO app with Auth0, you need the following:

  • An Auth0 subscription

  • A (trial) subscription for the SAML SSO app for Server or Data Center 

  • Admin access to your Atlassian product

  • Users are already available in Jira and Auth0


Step-by-Step Setup Guide

Install the SAML SSO App for Server or Data Center



In your Atlassian product, open the in-product marketplace as described in the Atlassian documentation.
Search for "resolution saml" and click "Install" for SAML Single Sign On (SSO) by resolution Reichert Network Solutions GmbH


After the installation is complete, click on Manage, then choose Configure

Now, you are on the Add-on / app configuration page and the first step of the setup wizard will appear.

install_saml_sso
install_saml_sso






First Steps - Wizard



When you configure our plugin for the first time you directly start with our configuration wizard. Click Add New IdP.


image2021-5-3_11-45-8.png



For the IdP Type, choose "Auth0". You can also change a Name. Click on "Next" to continue.


image2021-4-27_15-30-23.png



In the next step, you will configure Auth0. Please keep this tab open or copy the information.


image2021-4-27_16-33-37.png

Create and Configure an Auth0 Web Application for SAML SSO


Navigate to the Auth0 Portal. In the left panel, click on Applications.

image2021-4-27_16-38-38.png



Create a new application.

image2021-4-27_16-39-56.png



Add a Name for this application and choose Regular Web Applications. Click on Create.



image2021-4-27_16-44-13.png



Click on Addons and enable the SAML2 WEB APP.


image2021-4-27_16-49-41.png



Switch to Settings and enter the Callback URL. You can copy it from where you left the SAML plugin wizard.  


image2021-4-30_12-17-52.png


The Auth0 Identity Provider configuration also needs to be adjusted for Atlassian products. To do so you can copy the configuration from below, adjust the audience and recipient (take again the info from the SAML plugin wizard), and paste it into the black Settings box.  


Configure Auth0 as Identity Provider for Atlassian
  1. {
  2. "audience": "<Base-URL>/plugins/servlet/samlsso",
  3. "recipient": "<Base-URL>/plugins/servlet/samlsso",
  5. "nameIdentifierProbes": [
  6. "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
  7. "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
  8. "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
  9. ],
  10. "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email"
  11. }


Scroll down and click Enable.



Switch back to Usage and copy the link for the Identity Provider Metadata by right clicking and copy link.


image2021-4-30_12-32-17.png


Continue the Configuration of Auth0 in the SAML SSO plugin

Click Next and paste the Metadata URL into the Metadata URL field. Click on Import to import the IdP metadata. 


image2021-4-30_12-36-25.png


Once the metadata was imported successfully you can press Next.



In this section of the wizard you define whether the NameID attribute from Auth0 is sent in a format that matches with the UserID in the application. When it matches you can leave the field ticked and click Next.


image2021-4-30_12-55-15.png


As the User Provisioning methods of our plugin will not be used the User Update Method can be left unchanged and you can click Save & Next.


image2021-4-30_13-0-26.png

Now it is time to test your SSO configuration.



Testing SSO


The wizard also allows to test the Single Sign On. Just follow the steps to test if the login works as expected. 

Click on "Start" to proceed.


image2021-5-3_10-6-20.png


Copy the marked link and open a new incognito/private tab or a different web browser. Then paste the link and navigate to it. 


image2021-5-3_10-23-31.png



You will be now redirected to Auth0's login page. Please log-in with you username and password. 


image2021-5-3_10-15-49.png



If everything worked fine, you will be logged into your Atlassian product. In the other tab/browser in which you were configuring the SAML SSO plugin, you can also see the "SUCCESS" status. Click Next to proceed.


image2021-5-3_10-22-35.png



SSO Redirection


As a last step, you can set the Enable SSO Redirect option. If set, all users will be redirected to Single Sign On, thus they will be logged in via the IdP. Click on Save & Close to finish the configuration.


image2021-5-3_11-34-38.png


If you have not tested your SSO Setup successfully on the previous page we advise not to turn on “Enable SSO Redirect”.
Please, confirm it works first. Otherwise, you may lock yourself out of the instance.

You can enable the SSO redirection later in the app settings under the Redirection tab.

In case you locked yourself out please have a look into this article