In your Atlassian product, open the in-product marketplace as described in the Atlassian documentation.
Search for "resolution saml" and click "Install" for SAML Single Sign On (SSO) by resolution Reichert Network Solutions GmbH. 


After the installation is complete, click on Manage, then choose Configure. 

Now, you are on the Add-on / app configuration page and the first step of the setup wizard will appear.

install_saml_sso

For the next steps, please go to Manage apps (or addons), choose SAML SSO and click Configure.

First Steps - Wizard

After you clicked "Configure", the Wizard will be triggered. If not, or if you want to add another Identity Prover (IdP) to your existing configuration, click on "+ Add IdP". This guide assumes, that there is no IdP configured.
The Wizard greets you with information, click on "Add new IdP" to proceed.

welcome_wizard_add_newidp

Select Google Cloud Identity for your identity provider and select OpenID Connect for the authentication protocol. Enter a unique name and click Next to continue. 

Go to https://console.cloud.google.com and login as an administrator.

Click the name of the current loaded project.

Click NEW PROJECT.

Enter a Project name and adjust the Organzization or Location options if needed.

Creating the project can take some seconds. When done, a notification popup will appear. Click SELECT PROJECT to switch to the just created project.

Now, we need to configure credentials and the consent screen. Click Credentials.

Click CONFIGURE CONSENT SCREEN. 

Select the User Type that is appropriate for your needs. Usually this will be Internal. Afterwards, click CREATE to continue.

On the next screen, fill out what's needed. Make sure to scroll down and add the Authorized domain(s). This is the domain of your Atlassian application, e.g. for bitbucket.resolution.de, the domain is resolution.de

Click SAVE AND CONTINUE.

As a last step, Google will display an overview upon the consent screen that you must acknowledge. 

Next, go back to the Credentials. 

Click CREATE CREDENTIALS and choose OAuth client ID.

Choose Web Application for the Application Type.

You can enter a name for Web client, but you do not need to. Important is to add the callback URL to the Authorized redirect URIs. Then click CREATE.

Google will now display both Client ID and Client Secret. Copy both into a text editor of your choice because we need again soon.

Back to the wizard in the Atlassian product, enter both the Client ID and the Client Secret that you've just created and copied, and click on Next.

Click Import Metadata.

You will see this message if the import was successful.

To finish the wizard, click Save and Close.

To test you configuration, go to the System & Support section of the app and scroll down to the Tracker List.

Click New Tracker. If you have more than one identity provider configured, you must choose which configuration should be used for the log in test.


Copy the test url and open the link an incognito web browser. If something goes wrong during the test, you can easily create a support ticket that includes this tracker by click Contact Support. Additionally, you can contact us by going to https://www.resolution.de/go/support or booking a free meeting via https://www.resolution.de/go/calendly.

Redirect to SSO

After a successful test, the next step is to configure the redirection. With the redirection setting, the app can automatically redirect users to log in via OpenID Connect.

Go change this setting, go to Redirection from the middle panel.

By checking Enable SSO Redirect, users will get redirected to the configured SSO provider for login. If you are running JSM, you find a second option below. 

Click Save to finish the configuration