SAML Single Sign-OnSAML Single Sign-On
Try For Free

PingOne with Manual Provisioning

Goal

After completing this setup guide, you will have to set up PingOne with Manual Provisioning and your Atlassian Server or Data Center product for the SAML SSO app. Additionally, you will test SSO and enable SSO redirection.

Prerequisites

To use the SAML SSO app with PingOne, you need the following:

  • A PingOne subscription

  • A (trial) subscription for the SAML SSO app for Server or Data Center 

  • Admin access to your Atlassian product

  • Users are already available in Jira and PingOne

Step-by-Step Setup Guide

Install the SAML SSO App for Server or Data Center


In your Atlassian product, open the in-product marketplace as described in the Atlassian documentation.
Search for "resolution saml" and click "Install" for SAML Single Sign On (SSO) by resolution Reichert Network Solutions GmbH


After the installation is complete, click on Manage, then choose Configure

Now, you are on the Add-on / app configuration page and the first step of the setup wizard will appear.

install_saml_sso
install_saml_sso




First Steps - Wizard

After you clicked "Configure", the Wizard will be triggered. If not, or if you want to add another Identity Prover (IdP) to your existing configuration, click on "+ Add IdP". This guide assumes, that there is no IdP configured.
The Wizard greets you with information, click on "Add new IdP" to proceed.

welcome_wizard_add_newidp
welcome_wizard_add_newidp


For the IdP Type, choose "PingOne" and then add a name. You can also optionally add a description. Click on "Next" to continue.

image2022-12-8_11-13-36.png

In the next step, you will configure PingOne. Please keep this tab open or copy the information.

image2022-12-8_11-15-0.png

Create and Configure a PingOne App for SAML SSO for Atlassian Data Center or Server

Adding an Application for the SAML SSO App

Log into the PingOne Portal as an admin. Go to Connections > Applications > Click "+" > Give it a meaningful name > Choose Application Type "SAML Application", and hit the "Configure" button.

image2022-12-8_11-17-21.png


On the initial SAML Configuration tab, click Manually Enter and copy the ACS URL and Entity ID into the fields. After that, you can click Save. 

image2022-12-8_12-26-5.png


Go to the Attributes in the Overview tab and change the saml_subject Attribute to Username on the PingOne Mappings column.

image2022-12-8_14-5-20.png



image2022-12-8_17-17-7.png


You can now enable the application.

image2022-12-8_17-19-24.png


The next step is to copy the SAML Metadata. Just go to Configuration and copy the IDP Metadata URL.

image2022-12-8_16-23-43.png

Now go back to the SAML SSO configuration, paste your Metadata URL, and click Import. After a successful import, click Next.

image2022-12-8_16-27-17.png


Now, you have the possibility to configure the user ID attribute and its transformation options. In our setup, the user ID is sent in the NameID attribute of the IdP in a format that matches the one in the Atlassian product, so we don’t need to change anything here.

name_id_samlsso
name_id_samlsso

Under User Creation and Update, you can leave the setting No User Update and click Next.

image2022-12-8_17-27-44.png


Now, you can save the configuration by clicking on the Save & Next button.

Test

It’s time to test your settings. Our plugin will create a tracker link to test your configuration. Please click ‘Start’ and follow the instructions.

start_test_samlsso
start_test_samlsso

After a successful test, you can enable the ‘Enable SSO Redirect’ checkbox. From now on, every unauthenticated user will be automatically redirected to PingOne to sign in.

enablessoredirect_samlsso
enablessoredirect_samlsso