SAML2 and OpenID Connect are very similar authentication protocols. If you are free to choose the protocol, please consider the following points:


  • SAML2 does not require a backchannel between your identity provider and your Atlassian application. With OpenID Connect, your Atlassian application needs to be able to connect to your identity provider. Thus, in a scenario where your identity provider and your Atlassian application cannot talk directly to each other, go with SAML2. Because OpenID Connect transmits data over a backchannel, it can be considered more secure than SAML2, which transmits data through the user's browser.

  • SAML2 supports Single Log Out. This means that when you log out, you are automatically logged out from your identity provider and from any other application where you are logged in with the account. For OpenID Connect, we only support logout from the client, i.e. when you log out at some other service, we will not get notified about it.

  • Our initial release of OpenID Connect was a beta. Since SAML SSO plugin version 6.3, OpenID Connect as an authentication protocol is production ready.
    • We are confident that the existing identity providers work; however, there could be identity providers that require some modifications.
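
The following is an added example, not part of the original page or the plugin's code: a pre-check to run on the Atlassian application server to see whether the OpenID Connect backchannel described in the first point is possible from that machine. It assumes your identity provider publishes standard OpenID Connect Discovery metadata and that the application calls the token, userinfo and JWKS endpoints directly; the sample document and the `example.test` host names are constructed.

```python
import socket
from urllib.parse import urlsplit

# Discovery metadata fields that the relying party (assumed here: the Atlassian
# application server) calls server to server, not through the user's browser.
BACK_CHANNEL_KEYS = ("token_endpoint", "userinfo_endpoint", "jwks_uri")

# Constructed sample discovery document; the host names are placeholders.
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/authorize",
    "token_endpoint": "https://idp.example.test/oauth/token",
    "userinfo_endpoint": "https://idp.example.test/userinfo",
    "jwks_uri": "https://keys.example.test:8443/jwks.json",
}


def back_channel_targets(discovery):
    """Return sorted unique (host, port) pairs the application server must reach."""
    targets = set()
    for key in BACK_CHANNEL_KEYS:
        url = discovery.get(key)
        if not url:
            continue  # optional endpoint not advertised by this provider
        parts = urlsplit(url)
        if parts.scheme != "https":
            raise ValueError(f"{key} is not an https URL: {url}")
        targets.add((parts.hostname, parts.port or 443))
    return sorted(targets)


def reachable(host, port, timeout=3.0):
    """True if a TCP connection from this machine to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def report(discovery, probe=reachable):
    """Map each backchannel (host, port) to whether this server can reach it."""
    return {t: probe(*t) for t in back_channel_targets(discovery)}


if __name__ == "__main__":
    for (host, port), ok in report(SAMPLE_DISCOVERY).items():
        print(f"{host}:{port} {'reachable' if ok else 'NOT reachable -> consider SAML2'}")
```

Replace `SAMPLE_DISCOVERY` with the JSON from your identity provider's discovery document; a proxy or firewall between the two systems can still block HTTPS even when the TCP connection succeeds.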


If you still have questions, please contact us at https://www.resolution.de/go/support or book a free support ticket via https://www.resolution.de/go/calendly.