Important Update Effective February 1, 2024!
Due to recent changes in Jira and Confluence, we've made the tough decision to discontinue the OpenID Connect (OIDC)/OAuth app and no longer provide new versions for the newest Jira/Confluence releases as of January 31, 2024.
This is due to some necessary components no longer shipping with Jira/Confluence, which would require some extensive rewrites of the OIDC App.
Important Update! This app will be discontinued soon!
Due to recent changes in Jira, which no longer ships with some components required for our Read Receipts app to run, we've made the tough decision to discontinue the app, as of Februar 5, 2025.
Important Update! This app will be discontinued soon!
We've made the tough business decision to discontinue the app, as of January 11, 2025.
Azure AD B2C
Below, you find information to set up Azure AD B2C and our apps. If you need help or have questions, you can contact us via our helpdesk or book a free screen share session at https://resolution.de/go/calendly.
We recommend using OpenID Connect with Azure AD B2C, since it works with the native User Flows that Azure AD B2C provides. For Azure AD B2C, SAML only works with Custom Policies, which you would need to write and configure yourself.
Based on your user provisioning model, pick one of the following step-by-step guides.
In most cases, we recommend using Azure AD B2C with User Sync.
Step-By-Step Guides for OpenID Connect
- Azure AD B2C with User Sync
Setting up User synchronization with Azure AD B2C, as well as authentication via SAML - Azure AD B2C with Just-in-Time Provisioning
Setting up authentication via SAML with Azure AD B2C and using Just-in-Time Provisioning to create/update user accounts during login. - Azure AD B2C with Manual Provisioning
Setting up authentication via SAML with Azure AD B2C for users that already exist in the Atlassian product.
Step-By-Step Guides for SAML2
- Azure AD B2C with User Sync
Setting up User synchronization with Azure AD B2C, as well as authentication via SAML - Azure AD B2C with Just-in-Time Provisioning
Setting up authentication via SAML with Azure AD B2C and using Just-in-Time Provisioning to create/update user accounts during login. - Azure AD B2C with Manual Provisioning (SAML)
Setting up authentication via SAML with Azure AD B2C for users that already exist in the Atlassian product.
Some important notes:
- User Sync functionality is currently only available for Jira, Confluence, Bitbucket & Bamboo.
- Fisheye only supports Manual User Management.
Which Step-By-Step Guide You Should Pick?
Depending on your Atlassian product, you can choose from different user provisioning models. We recommend using User Sync, since it is easy to set up and maintain.
In general, with Azure AD B2C we support the following ways for user provisioning:
- User Sync allows to sync users periodically from Azure AD B2C, but also when they log in for the first time into your Atlassian product. See our detailed article for User Sync.
- Just in Time Provisioning allows to create and update users on-the-fly when they log in. A drawback for syncing groups from Azure is, that only group ids and no group names are sent. See our detailed article for JIT.
- LDAP synchronization from Active Directory. If your instance is still synchronized to your Active Directory via LDAP, you can continue to do so. Please follow the "Manual User Management" guide in this scenario.
- For Manual User Management, the administrator has to create and update users on Azure and your Atlassian product by hand.
We do not recommend it. See our article for Manual User Management.
| Model/Function | Admin Effort | Pro's and Con's |
|---|---|---|
User Sync | Low |
|
| Just in Time Provisioning | Low, if no groups High, with Groups from Azure |
|
| Manual User Management | High |
|