Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
IdP Selection by Email: Send email to the identity provider to pre fil login field
Problem
I use the IdP Selection by Email (see here) and I want to use the entered email to prefill the email at my identity provider. How can I do this?
Limitations
This feature is available for OpenId Connect-based identity providers. For SAML2 configurations, the feature is available for Microsoft Entra/Azure, ADFS, and Okta.
Technical background
OpenId Connect and SAML2 both specify an optional mechanism to pass email addresses/usernames to identity providers to pre-fill login forms. While all tested OpenId Connect-based identity providers implement the feature, none of the SAML2-based based do. However, there are non-standard ways to pass the information to the identity providers, thus we only support Microsoft Entra/Azure, ADFS, and Okta for SAML2 configurations.
Prerequisites
You must use the IdP Selection by Email - otherwise, there is no email to pass to the identity provider. Please see here to learn how to configure this.
Solution
Starting with SAML SSO 6.9.0, we allow passing the entered email to the identity provider. As a result, the users will only need to enter their password for the login. To configure this, please continue reading.
- Go to the SAML SSO app configuration.
- On the identity provider configuration, click Send Email as Login Hint to Identity Provider.
For new configurations, the Login Hint Parameter Name will be pre-filled. For existing configurations, you will find the needed parameter name below or the red validation message in the app.
For OpenId connect configurations, the Login Hint Parameter Name is always login_hint - for SAML2 configurations, please see the table below.IdP Name Login Hint Parameter Name for SAML2 Microsoft Entra/Azure login_hint ADFS login_hint Okta LoginHint
For OpenID Connect configurations, the Login Hint Parameter Name is always login_hint.
- Save the configuration.