Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Microsoft Entra ID (formerly Azure AD)
Azure Active Directory is now Microsoft Entra ID (https://learn.microsoft.com/en-gb/entra/fundamentals/new-name).
Below, you find information to set up Microsoft Entra ID (formerly Azure AD) and our SAML SSO apps for Atlassian Data Center and Server products. If you need help or have questions, you can contact us via our helpdesk or book a free screen share session at https://resolution.de/go/calendly.
If you do not know if you should go with SAML2 or OpenID Connect, please see SAML2 vs. OpenID Connect.
Based on your user provisioning model, pick one of the following step-by-step guides.
In most cases, we recommend to use Microsoft Entra ID (formerly Azure AD) with User Sync.
Step-by-Step Guides for SAML2
- Microsoft Entra ID (formerly Azure AD) with User Sync
Setting up User synchronisation with Azure AD, as well as authentication via SAML - Microsoft Entra ID (formerly Azure AD) with Just-in-Time Provisioning
Setting up authentication via SAML with Azure AD and using Just-in-Time Provisioning to create/update User Accounts during login. - Microsoft Entra ID (formerly Azure AD) with Manual Provisioning
Setting up authentication via SAML with Azure AD for Users that already exist in the Atlassian product.
Step-by-Step Guides for OpenID Connect
- Azure AD with User Sync
Setting up User synchronisation with Azure AD, as well as authentication via SAML - Azure AD with Just-in-Time Provisioning
Setting up authentication via SAML with Azure AD and using Just-in-Time Provisioning to create/update User Accounts during login. - Azure AD with Manual Provisioning
Setting up authentication via SAML with Azure AD for Users that already exist in the Atlassian product.
Some important notes:
- User Sync functionality is currently only available for Jira, Confluence & Bitbucket Server and Data Center
- Fisheye only supports Manual User Management.
Which Step-by-Step Guide should you pick?
Depending on your Atlassian Data Center or Server product, you can choose from different user provisioning models. We recommend using User Sync, since it is easy to set up and maintain.
In general, with Microsoft Entra ID (formerly Azure AD) we support the following ways for user provisioning:
- User Sync allows to sync users periodically from Azure AD, but also when they log in for the first time into your Atlassian product. See our detailed article for User Sync.
- Just in Time Provisioning allows creating and update users on-the-fly when they log in. A drawback for syncing groups from Azure is, that only group ids and no group names are sent. See our detailed article for JIT.
- LDAP synchronisation from Active Directory. Is your instance still synchronized to your Active Directory via LDAP, you can continue to do so. Please follow the "Manual User Management" Guide in this scenario.
- For Manual User Management, the administrator has to create and update users on Azure and your Atlassian Data Center or Server product by hand.
We do not recommend it. See our article on Manual User Management.
| Model/Function | Admin Effort | Pro's and Con's |
|---|---|---|
User Sync | Low |
|
| Just in Time Provisioning | Low, if no groups High, with Groups from Azure |
|
| Manual User Management | High |
|