Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
OneLogin with User Sync
Goal
After completing this setup guide, you will have setup OneLogin and your Atlassian product for the SAML SSO app and also User Sync. Additionally, you will enable the SSO redirection and test SSO.
Prerequisites
To use the SAML SSO app with OneLogin, you need the following:
- An OneLogin subscription
- A (trial) subscription for the SAML SSO app
- Admin access to your Atlassian product
Video Guide
Step-By-Step Setup Guide
Install the SAML SSO App
In your Atlassian product, open the in-product marketplace as described in the Atlassian documentation.
Search for "resolution saml" and click "Install" for SAML Single Sign On (SSO) by resolution Reichert Network Solutions GmbH.
After the installation is complete, click Manage Apps/Addons.
Configure User Sync
First, login into your OneLogin domain and click Administration.
Next, hoover over DEVELOPERS and click API Credentials.
Then, click NEW CREDENTIAL.
Please provide a Name and choose Read Users. Click Save to continue.
Please copy & paste the Client Secret and the Client ID to a text editor of your choice.
Now, go to your Atlassian product and navigate to the User Sync settings. Click Add Connector and choose OneLogin.
Please enter the Client ID and die Client Secret. Please also choose the Base URL of your OneLogin account. Next, please choose what to sync for the groups. You can sync the Groups from member_of (in case you have an external connector integrated to OneLogin), groups from (the OneLogin) roles, and you can sync the OneLogin group of a user.
To take full advantage of User Sync, click on the Sync Settings tab and Enable Scheduled Synchronization.
You can control the sync interval with the modal but also by editing the Cron expression.
Do not forget to save your configuration. Scroll down to the bottom of the page and press Save or Save and Return.
You are now ready to toggle a full sync. Simply click the "Sync" button.
Configure SAML SSO
For the next steps, please go to Manage apps (or addons), choose SAML SSO and click Configure.
After you clicked "Configure", the Wizard will be triggered. If not, or if you want to add another Identity Prover (IdP) to your existing configuration, click on "+ Add IdP". This guide assumes, that there is no IdP configured.
The Wizard greets you with information, click on "Add new IdP" to proceed.
For the IdP Type, choose "OneLogin". You can also choose a name. Click on "Next" to continue.
In the next step, you will configure OneLogin. Please keep this tab open or copy the information.
Create and Configure An OneLogin App for SAML SSO for Atlassian Data Center or Server
Adding an Application for the SAML SSO App
Log into the OneLogin Portal as an admin. Go to Applications > Add Apps, search for Resolution SAML, and select it.
On the initial Configuration tab, click Save to add the app to your Company Apps and display additional configuration tabs. When you click Save, the Info tab appears.
Go to the Configuration tab and enter your Base URL (you only need to enter your subdomain). Click Save.
Afterwards, the following section will be checked
- Parameters
Access
In our test setup, we will not change the value.
One important configuration part is the Access. You have the possibility to allow the access to the application on a Role-based policy. In our documentation, we will use the Role → Default (this means that everyone who is a part of the Default role has access to the application).
The next step is to copy the SAML Metadata. Just go to More Actions → SAML Metadata. It’s enough to hover over SAML Metadata, do a right mouse click and choose Copy Link Location.
Finishing the Configuration - Wizard
Now, you will paste the App Federation Metadata URL you have obtained before. Paste the App Federation Metadata URL in the "Metadata URL" text field.
You can also configure the plugin without the metadata XML URL. Please choose another option from the dropdown menu and proceed as the wizard guides you.
Afterwards, click on "Import".
Click on "Next" to continue.
User Creation and Update
For the User Update Method choose Update with UserSync-Connector. If you additionally want to use the SAML attributes as sent by your identity provider, choose the corresponding option.
For UserSync-Connector, choose the one you have created before.
Click "Save & Next" to continue.
Testing SSO
The wizard also allows to test the Single Sign On. Just follow the steps to test if the login works as expected.
Click on "Start test" to proceed.
Copy the orange marked link and open a new incognito/private tab or a different web browser. Then, paste the link and navigate to it.
SSO Redirection
As a last step, you can set the Enable SSO Redirect option. If set, all users will be redirected to Single Sign On, thus they will be logged in via the IdP. Click on Save & Close to finish the configuration.
