Below, you can find information to setup Keycloak with our SAML SSO app for Jira Server, Jira Data Center, Confluence Server, Confluence Data Center, Bitbucket Server, Bitbucket Data Center, and other Atlassian products.

If you need help or have questions, you can contact us via our help desk or book a free screen share session at https://resolution.de/go/calendly.

Step-by-Step Guides

Based on the user provisioning model you need, pick one of the following step-by-step guides.
See a comparison of each model in the table at the page bottom.

• Keycloak with User Sync
  Setting up User synchronisation with Keycloak, as well as authentication via SAML
• Keycloak with Just-In-Time Provisioning
  Setting up authentication via SAML with Keycloak and using Just-in-Time Provisioning to create/update User Accounts during login.
• Keycloak with Manual Provisioning
  Setting up authentication via SAML with Keycloak for Users that already exist in the Atlassian Server or Data Center product.

Some important notes:

Which Step-by-Step Guide should you pick?

Depending on your Atlassian product, you can choose from different user provisioning models. 

In general, with Keycloak we support the following ways for user provisioning:

1. Just in Time Provisioning allows to create and update users on-the-fly when they log in. See our detailed article for JIT.
2. For Manual User Management, the administrator has to create and update users on Okta and your Atlassian product by hand. 
   We do not recommend it. See our article for Manual User Management.
   
   

As of July 15th, 2019, Keycloak is supported by User Sync so that users can be periodically synced from it,
but also when they log in for the first time into your Atlassian Server or Data Center product. Read our detailed article for User Sync.

Usually we recommend User Sync for user provisioning, a documentation how to use it will be released very soon.