Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Keycloak
Below, you can find information to setup Keycloak with our SAML SSO app for Jira Server, Jira Data Center, Confluence Server, Confluence Data Center, Bitbucket Server, Bitbucket Data Center, and other Atlassian products.
If you need help or have questions, you can contact us via our help desk or book a free screen share session at https://resolution.de/go/calendly.
Step-by-Step Guides with SAML2
Based on the user provisioning model you need, pick one of the following step-by-step guides.
See a comparison of each model in the table at the page bottom.
- Keycloak with User Sync
Setting up User synchronisation with Keycloak, as well as authentication via SAML - Keycloak with Just-In-Time Provisioning
Setting up authentication via SAML with Keycloak and using Just-in-Time Provisioning to create/update User Accounts during login. - Keycloak with Manual Provisioning
Setting up authentication via SAML with Keycloak for Users that already exist in the Atlassian Server or Data Center product.
Some important notes:
- User Sync functionality is currently only available for Jira, Confluence and Bitbucket.
- Fisheye only supports Manual User Management.
Step-by-Step Guides with OpenID Connect
Some important notes:
- User Sync functionality is currently only available for Jira, Confluence and Bitbucket.
- Fisheye only supports Manual User Management.
Which Step-by-Step Guide should you pick?
Depending on your Atlassian product, you can choose from different user provisioning models.
In general, with Keycloak we support the following ways for user provisioning:
- Just in Time Provisioning allows to create and update users on-the-fly when they log in. See our detailed article for JIT.
- For Manual User Management, the administrator has to create and update users on Okta and your Atlassian product by hand.
We do not recommend it. See our article for Manual User Management.
As of July 15th, 2019, Keycloak is supported by User Sync so that users can be periodically synced from it,
but also when they log in for the first time into your Atlassian Server or Data Center product. Read our detailed article for User Sync.
Usually we recommend User Sync for user provisioning, a documentation how to use it will be released very soon.
| Model/Function | Admin Effort | Pro's and Con's |
|---|---|---|
| Just in Time Provisioning | Medium |
|
| Manual User Management | High |
|
User Sync | Low |
|