Prerequisites

    Starting with version 2.2.0, Service Desk customers can be assigned to organizations during SSO.

    This only applies to logins with a request-URL containing /servicedesk/customerfor which you can also enable am SSO redirection.
    Should you test your configuration with a login URL not containing the the above, neither organizations will be created nor assigned.


    in the redirection tab/ section of the plugin configuration ("Redirect SD Customer Portal").

    Configuration

    Organization names can either be fixed in the configuration or read from a SAML response attribute.

    Reading organizations from SAML reponse attributes

    As depicted in the screenshot below, you can specify a custom organization attribute key.
    If the IdP metadata contains claim attributes for organization names, these can be selected from a dropdown.
    If this is not the case, the dropdown won't be shown.

    Adding more organizations

    You can also add one ore more organization names to which customers will always be assigned.
    Simply use the + button beside "SD Customer Organizations", remove unwanted entries with the - button. 

    If an organization does not exist, the assignment is skipped unless Add nonexisting Organizations is enabled.

    Transforming organization names with regular expressions

    You can add one or more rules to transform the organization names from the SAML response according to your requirements.
    In the example below the term "org" is replaced with "servicedesk".

    By checking "Skip untransformed Organizations" you can prevent untransformed names to be used.
    This might be important, if you need to enable "Add non-existing organizations".

    Creating organizations with the SAML SSO app

    Prerequisites

    As mentioned earlier,  organizations can be created automatically. For that to work, an administrator user with "JIRA Service Desk" application access must exist.
    Only starting with version 3.1.0, the plugin will try to find the first an administrator user with these permission. In older 2.2.x and 3.x versions, it was using the first
    to be found. This was sometimes a problem, as it was not guaranteed that the user has service desk application access and hence caused creation and assignment to fail.

    Organization creation and service desk projects

    As of now, organizations created by the plugin will be assigned to all non-archived service desk projects and only, if the administrator user has access to these
    service desks. This is usually the case, unless you have a number of administrator users with limited permissions to some of these projects.

    There will be more control over automated creation of service desk organizations in a later version of the plugin.
    If you are using the Adaptavist script runner plugin, you could work around that current limitation already today.


    You can also remove an organization from a project if you don't want it to be assigned to it or delete the organization completely.
    All these actions can be found in the "Customers" section of each Service Desk project.


    Please note, that organizations created with the add-on prior version 2.3.4 were not correctly assigned to the Service Desk projects.
    You can fix this by manually adding the organization again to your Service Desk project(s).

    You'll see that it is already available via autocomplete.
    As soon as you did this, even the customers assigned to it with a version prior 2.3.4 will be visible in that organization again.