SAML2 and OpenID Connect are very similar authentication protocols. If you are free to choose between them, please consider the following points:

  • SAML2 does not require a backchannel between your identity provider and your Atlassian application, whereas OpenID Connect needs the Atlassian application to be able to connect to your identity provider directly. So in a scenario where your identity provider and your Atlassian application cannot talk directly to each other, go with SAML2. Because OpenID Connect transmits the tokens over that backchannel instead of through the user's browser, as SAML2 does, it can be considered the more secure of the two.

  • SAML2 supports Single Logout. This means that when you log out, you are automatically logged out from your identity provider and from any other application where you are logged in with that account. For OpenID Connect we do not support this yet, since it is not part of the protocol as of now.

  • Our initial release of OpenID Connect is a beta. This means that we are confident the existing identity providers work with it; however, there could be identity providers that require some modifications.
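The first point above hinges on one practical question: can the Atlassian server itself reach the identity provider's server-side endpoints, or only the user's browser? The following script is an added example for checking that before you commit to OpenID Connect; it is not code from the original page or from the vendor's product. It assumes the identity provider publishes a standard discovery document at `/.well-known/openid-configuration` (a constructed sample is embedded so the parsing can be tried offline), and it treats the `token_endpoint` and `jwks_uri` as the backchannel endpoints, since those are the ones the application, not the browser, must contact.

```python
"""Check whether an Atlassian host can reach an OpenID Connect provider's
backchannel endpoints, and fall back to recommending SAML2 if it cannot.

Added example; not part of the original page or any vendor's product.
Assumes a standard discovery document at /.well-known/openid-configuration.
"""
import json
import socket
import urllib.request
from urllib.parse import urlparse

# Constructed sample discovery document (not from any real provider).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/oauth2/authorize",
    "token_endpoint": "https://idp.example.test/oauth2/token",
    "jwks_uri": "https://idp.example.test/oauth2/keys",
})

# Endpoints the application contacts server-to-server. The authorization
# endpoint is deliberately excluded: only the user's browser visits it.
BACKCHANNEL_KEYS = ("token_endpoint", "jwks_uri")


def backchannel_endpoints(discovery_json):
    """Extract the server-side endpoints from a discovery document."""
    doc = json.loads(discovery_json)
    missing = [k for k in BACKCHANNEL_KEYS if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks {missing}")
    return {k: doc[k] for k in BACKCHANNEL_KEYS}


def tcp_reachable(url, timeout=3.0):
    """True if a TCP connection to the URL's host:port succeeds from here."""
    parsed = urlparse(url)
    if not parsed.hostname:
        return False
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    try:
        with socket.create_connection((parsed.hostname, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, DNS failure, ...
        return False


def recommend_protocol(reachability):
    """Given {endpoint_name: reachable_bool}, pick the protocol to use.

    OpenID Connect needs every backchannel endpoint reachable; if any is
    not, SAML2 (browser-mediated, no backchannel) is the workable choice.
    """
    return "openid-connect" if all(reachability.values()) else "saml2"


def check_provider(issuer, timeout=3.0):
    """Fetch the live discovery document and test each backchannel endpoint."""
    url = issuer.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        endpoints = backchannel_endpoints(resp.read().decode())
    reach = {name: tcp_reachable(u, timeout) for name, u in endpoints.items()}
    return reach, recommend_protocol(reach)


if __name__ == "__main__":
    # Offline demonstration on the constructed document: parse it and
    # report which endpoints the application would need to reach.
    for name, endpoint in backchannel_endpoints(SAMPLE_DISCOVERY).items():
        print(f"{name}: {endpoint} reachable={tcp_reachable(endpoint)}")
```

Run `check_provider("https://your-idp.example")` from the Atlassian host itself, not from your workstation, because the point is whether the application server has the network path. A `saml2` recommendation from this check does not mean SAML2 is better in general; it means OpenID Connect is not an option on that network topology.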

