SAML Single Sign On Setup Guides for SAML SSO Current: Keycloak Keycloak Below, you can find information to setup Keycloak with our SAML SSO app for Jira Server, Jira Data Center, Confluence Server, Confluence Data Center, Bitbucket Server, Bitbucket Data Center, and other Atlassian products.If you need help or have questions, you can contact us via our help desk or book a free screen share session at https://resolution.de/go/calendly.Step-by-Step GuidesBased on the user provisioning model you need, pick one of the following step-by-step guides.See a comparison of each model in the table at the page bottom.Keycloak with User SyncSetting up User synchronisation with Keycloak, as well as authentication via SAMLKeycloak with Just-In-Time ProvisioningSetting up authentication via SAML with Keycloak and using Just-in-Time Provisioning to create/update User Accounts during login.Keycloak with Manual ProvisioningSetting up authentication via SAML with Keycloak for Users that already exist in the Atlassian Server or Data Center product.Some important notes:Which Step-by-Step Guide should you pick? Depending on your Atlassian product, you can choose from different user provisioning models. In general, with Keycloak we support the following ways for user provisioning:Just in Time Provisioning allows to create and update users on-the-fly when they log in. See our detailed article for JIT.For Manual User Management, the administrator has to create and update users on Okta and your Atlassian product by hand. We do not recommend it. See our article for Manual User Management. As of July 15th, 2019, Keycloak is supported by User Sync so that users can be periodically synced from it, but also when they log in for the first time into your Atlassian Server or Data Center product. Read our detailed article for User Sync.Usually we recommend User Sync for user provisioning, a documentation how to use it will be released very soon. Model/FunctionAdmin EffortPro's and Con'sJust in Time ProvisioningMediumCreates & Updates users based on information in the SAML Response during LoginUsers are only created on their first Login.Users & Groups are updated only during SAML authenticationManual User ManagementHigh Here no sync between Keycloak and Atlassian application happensNeeds manual maintenance of two user bases (or is done via custom developments).User SyncLowUses Keycloak API to perform regular syncUsers and groups created & updated shortly after done in KeycloakUsers in Atlassian applications can be disabled as a result of a sync, saving licensesAdditional attributes can be written to Jira user properties SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products. Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.