SSO for Atlassian
SAML for single sign-on (SSO) makes it possible for your users to authenticate through your company's identity service provider (in this case cidaas) when they log in to Atlassian cloud products.
SSO allows a user to authenticate once and then access multiple products during their session, without needing to authenticate with each product.
It is important to note that SSO will only apply to user accounts from your verified domains.
This page will help you with the steps to configure the Atlassian SSO set-up on cidaas. After this configuration, you will be able to use cidaas as an Extension for your Atlassian services.
If you are here, we assume you are already using Atlassian and would like to connect cidaas with your Atlassian instance.
The overall process includes:
- Activating the SAML provider option in your cidaas application.
- Getting the MetaData information from cidaas.
- Configuring SSO in the Atlassian Admin Console.
- Verifying your configuration details.
The Prerequisites for this set-up include:
- A registered domain on Atlassian.
- Atlassian Admin access.
- A cidaas instance.
How to Configure cidaas as an Extension
By configuring cidaas as an extension to Atlassian, you can log in to the Atlassian Suite of Services with your cidaas credentials.
This document will guide you through the process which is quite easy!
You need to activate SAML in your cidaas application since Atlassian's integration to an External Identity Provider is based on SAML.
But, before you begin, you need to have an active application on cidaas for Atlassian SSO configuration.
If you have an existing application, you can move on to the next step. Otherwise, you'll need to create one.
Please refer to the following steps to Create an Application on cidaas.
Creating a cidaas App
To get the signing certificate, login and logout URLs, you need to create an Application in cidaas.
Here are the steps to create an App using the cidaas administration interface, which is available after you sign up with cidaas.
1. Navigate to the cidaas Administrator dashboard -> Apps -> App Settings.
2. Click on the Create New App button.
3. Enter the app name and then select the App type as Single Page and click on the Next button.
4. Under App Settings, select email, openid, and profile as input values for Scope.
5. Next, select the Hosted Page Group value(s) from the dropdown list (optional). Otherwise, the value default is selected.
6. Provide the Redirect URLs and Allow Logout URLs links in the respective textboxes.
Then, click on the Next button to continue.
7. Under Company Details, type in the details for Company Name, Company Address, and Website URL. You could provide the values for other optional fields as well. Finally, click on the Submit button.
A success confirmation window appears when you click on the Submit button indicating that the application is created successfully.
8. Once the App is created, it appears in the Apps List under App Settings.
You are now ready to use this app and set up your Atlassian SSO on cidaas.
Activating the SAML Provider
The next logical step is to activate the SAML Provider for an existing cidaas application or the one you created in the previous section. You'll then need to add your Atlassian domain to the SP Metadata field on your cidaas application.
Steps to Activate the SAML Settings
1. Log in with your Admin credentials on the cidaas Admin UI.
2. Click on Apps -> App Settings in the Dashboard (left) menu.
3. Select your app from the Apps list and click on the edit button.
Scroll down the App Settings page and click on the Advance Settings button.
4. Scroll down the Advance Settings section and click on the Enterprise Provider option.
Then, click on SAML Settings.
5. Next, turn on the Enable SAML IDP Provider switch which will display the SAML Meta Data URL value.
6. Once enabled, the SAML Settings options will appear. Click on the Save button to save your configuration.
This will display the following Success Confirmation window to indicate that your SAML configuration has been saved successfully.
Getting the MetaData from cidaas
To configure Atlassian, you need to upload your Signing Certificate.
You can obtain this certificate by downloading it on cidaas.
Here are the steps to get the Metadata from cidaas which includes downloading the Signing Certificate for your cidaas application and getting the login and logout URLs.
Steps to get the MetaData from cidaas
1. Click on the View SAML button.
2. The following screen will appear. Click on Download Signing Certificate.
3. Collect the Login and Logout URLs of cidaas.
You will find the required URLs if you click on the View SAML button, which is right next to SAML Meta Data URL.
4. Copy the Login URL from SAML Meta Data URL to SSO URL for SAML in the Atlassian Admin Portal.
5. Copy the signing key fingerprint under SAML Settings.
6. You will get an XML file similar to the one given below. In this file, look for the content of following tags:
i. SingleSignOnService > Location
ii. SingleLogoutService > Location
where you'll find the values for the login and logout URLs.
7. Copy the SAML Metadata from the cidaas SP Metadata section under app settings.
8. Now, Single Sign On is activated for your application and you can log in via SAML if you have it configured on the Atlassian Admin Console.
As an admin user, you can go to https://yourdomain.atlassian.com and you will be automatically redirected to the cidaas login page.
Configuring SSO in the Atlassian Admin Console
The next step is to configure SSO in the Atlassian Admin Console.
For this, you'll need to add the cidaas signing certificates to the security section of your Atlassian Admin Console.
This section covers the steps to upload the signing certificate and add the login and logout URLs obtained from cidaas (in the previous section) to your Atlassian Admin console.
Steps to Configure the Atlassian Admin Console
1. Log in to https://admin.atlassian.com with your admin credentials.
2. Select your organization, then, select Security.
3. Select SAML single sign-on, then click Add SAML configuration.
4. Then, follow these steps:
Identity provider Entity ID: Enter your Identity provider Entity ID which you got from the SAML Settings of your cidaas app. This value is the URL for the identity provider where your product will accept authentication requests.
Identity provider SSO URL: Add the cidaas SingleSignOnService Location variable copied from the SAML settings of your cidaas app to the Identity provider SSO URL on Atlassian. This value defines the URL your users will be redirected to when logging in.
Public x509 certificate: Add the cidaas X509Certificate variable copied from the SAML settings of your cidaas app to Public x509 certificate on Atlassian. This value begins with '-----BEGIN CERTIFICATE-----'. This certificate contains the public key we'll use to verify that your identity provider has issued all received SAML authentication requests.
Finally, click on the Save Configuration button.
Create the Metadata for cidaas
1. Make a copy of your Unique ID value from the SP Entity ID field. For example, if your SP Entity ID is https://auth.atlassian.com/saml/a1b2c3d4, your Unique ID is a1b2c3d4.
2. Next, copy the SP Assertion Consumer Service URL field value.
3. Enter your X509Certificate, SP Entity ID and SP Assertion Consumer URL in the code below.
<?xml version="1.0" encoding="UTF-8" ?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="SP Entity ID">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>cidaas Signing-Certificate</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>cidaas Signing-Certificate</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="SP Assertion Consumer Service URL" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
4. Finally, enter the Metadata in your cidaas app under SP Meta Data and then, click on the Save button.
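Before saving, the filled-in metadata can be checked for the mistakes that most often break the trust setup: a placeholder left in place, an undeclared namespace prefix, a non-https URL, or a certificate pasted with its PEM header. This is an added example, not cidaas code; check_sp_metadata and TEMPLATE are hypothetical names, and the Assertion Consumer Service URL and certificate bytes in the sample are constructed.

```python
import base64
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample values; the certificate is placeholder bytes, not a real certificate.
TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="{entity_id}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{cert}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{acs}" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
FILLED = TEMPLATE.format(entity_id="https://auth.atlassian.com/saml/a1b2c3d4",
                         acs="https://sp.example.test/acs/a1b2c3d4",
                         cert=base64.b64encode(b"constructed placeholder bytes").decode())
UNFILLED = TEMPLATE.format(entity_id="SP Entity ID", acs="SP Assertion Consumer Service URL",
                           cert="cidaas Signing-Certificate")


def check_sp_metadata(xml_text):
    """Return (unique_id, problems) for SP metadata about to be pasted into cidaas."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an undeclared ds: prefix or a stray '&'
        return None, [f"not well-formed XML: {exc}"]
    problems = []
    entity_id = root.get("entityID", "")
    if not entity_id.startswith("https://"):
        problems.append("entityID is not an https URL")
    acs = root.find(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService")
    if acs is None or not acs.get("Location", "").startswith("https://"):
        problems.append("AssertionConsumerService Location is missing or not https")
    elif not acs.get("Binding", "").endswith(":HTTP-POST"):
        problems.append("AssertionConsumerService Binding is not HTTP-POST")
    bodies = ["".join((c.text or "").split()) for c in root.findall(f".//{DS}X509Certificate")]
    for body in bodies or [""]:
        try:
            if not base64.b64decode(body, validate=True):
                raise ValueError("empty certificate")
        except ValueError:
            problems.append("X509Certificate is missing or not bare base64")
    unique_id = None if problems else entity_id.rstrip("/").rsplit("/", 1)[-1]
    return unique_id, problems
```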
Yay! You have now completed the setup.
Verifying your Configuration
You can verify the configurations made on your Atlassian Admin Console with the following steps.
1. Access your service through https://yourdomain.atlassian.com.
2. You will be redirected to the cidaas Login UI.
3. Use any of the previously configured authentication methods of cidaas to log in to your Atlassian application.
Congratulations! You are all set to use Atlassian SSO on cidaas.
If you face any issues while configuring Atlassian SSO on cidaas, please contact our support team for further assistance.