JIRA & Confluence Single Sign-On


# Description

This article describes how to configure Single Sign-On between IDaaS and JIRA or Confluence (version 7.0 and above), using their built-in SSO 2.0.

# Authentication Configuration

# Obtain IDaaS IDP Service Configuration

  1. The administrator logs in to the IDaaS Enterprise Center and navigates to Settings -> Service Configuration -> IDP Configuration to obtain the following values:
  • IDP EntityId: Identity Provider Entity ID
  • SSO URL: Identity Provider Single Sign-On URL
  • IDP Certificate: X.509 Certificate

# Configure SSO for Confluence

  1. The administrator logs in to the Site Administration interface and selects SSO 2.0.

  2. Configure the user login method: select SAML Single Sign-On for Authentication Method.

# Configure SSO for Jira

  1. The administrator logs in to the site and clicks Settings -> System -> Authentication Methods.

  2. Click Add Configuration and select SAML Single Sign-On for Authentication Method.

| Parameter | Description |
| --- | --- |
| Identity Provider Entity ID | IDP EntityId |
| Identity Provider SSO URL | SSO URL |
| X.509 Certificate | IDP Certificate |
| Username Mapping | NameID, the username returned by IDaaS can be referenced via `${NameID}` |
| Assertion Consumer Service URL | Automatically generated, Assertion Consumer Service (ACS) URL |
| Audience URI (Entity ID) | Automatically generated, SP Entity ID / Audience URI |
| JIT Configuration | Create user upon application login, not selected by default. If selected, users are automatically created and updated in JIRA or Confluence when logging in via SSO. See JIT User Configuration for details. |
| Remember User Login | Save successful login history and automatically log users in without verification. |
| Login Mode | Select to use SAML as secondary authentication, retaining the original login entry. |

# Add JIRA or Confluence Application in IDaaS

  1. Administrator logs into the IDaaS Enterprise Center, navigates to Resources -> Applications -> Add Pre-integrated Application, searches for and adds JIRA or Confluence.

  2. Configure application authentication parameters.

| Parameter | Description |
| --- | --- |
| SP Entity ID | Audience URI (Entity ID) |
| Assertion Consumer Service (ACS) URL | Assertion Consumer Service URL |
| Name ID | Select Application Account |
| NameID Format | Select default |
| Audience URI | Audience URI (Entity ID) |
| Single Logout URL | Leave blank |
| Default Relay State | Leave blank |
| Response Signature | No |
| Assertion Signature | Yes |
| Digital Signature Algorithm | Default RSA_SHA256 |
| Digital Digest Algorithm | Default SHA256 |
| Assertion Encryption | No |
| Verify Request Signature | No |

  3. Configure mappings. Go to Application Details - Authentication Configuration - Mapping Configuration, and add mappings.
  • email: User Email
  • NameID: Username

  4. Authorize users. Go to Authorization Management - Application Accounts - Add Account. The account name should be consistent with the account name in JIRA or Confluence.

# Login Verification

Log in to the IDaaS User Center and click the application logo to sign in to the application system through single sign-on.
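
When login verification fails, comparing the captured `SAMLResponse` form value against the parameters configured above shows which setting does not match. The following Python script is an added example, not part of the IDaaS or Atlassian documentation; `check_saml_response`, the sample document and the `idaas.example` / `jira.example` URLs are constructed for illustration. It inspects structure only and leaves cryptographic signature verification to JIRA or Confluence.

```python
import base64
import xml.etree.ElementTree as ET
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"

def check_saml_response(b64_response, idp_entity_id, sp_entity_id, acs_url):
    """Structural check of a captured SAMLResponse; does NOT verify the signature itself."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml:
        return ["DTD present, refusing to parse"]
    found = ET.fromstring(xml).findall("saml:Assertion", NS)
    if len(found) != 1:  # Assertion Encryption = No: expect one plaintext assertion
        return [f"expected 1 plaintext Assertion, found {len(found)}"]
    a, problems = found[0], []
    info = a.find("ds:Signature/ds:SignedInfo", NS)  # Assertion Signature = Yes
    if info is None:
        problems.append("assertion is not signed")
    else:
        sm, dm = info.find("ds:SignatureMethod", NS), info.find("ds:Reference/ds:DigestMethod", NS)
        ref = info.find("ds:Reference", NS)
        if sm is None or sm.get("Algorithm") != RSA_SHA256:
            problems.append("signature algorithm is not RSA_SHA256")
        if dm is None or dm.get("Algorithm") != SHA256:
            problems.append("digest algorithm is not SHA256")
        if ref is None or ref.get("URI") != "#" + a.get("ID", ""):
            problems.append("signature does not reference this assertion")
    if (a.findtext("saml:Issuer", "", NS) or "").strip() != idp_entity_id:
        problems.append("Issuer does not match IDP EntityId")
    aud = [e.text for e in a.iterfind("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in aud:
        problems.append("Audience does not match Audience URI (Entity ID)")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match Assertion Consumer Service URL")
    if not (a.findtext("saml:Subject/saml:NameID", "", NS) or "").strip():
        problems.append("NameID is empty")
    return problems

# Constructed sample: placeholder hosts; the Signature carries no real SignatureValue.
SAMPLE_XML = (
    f'<Response xmlns="urn:oasis:names:tc:SAML:2.0:protocol"><Assertion xmlns="{NS["saml"]}" ID="_a1">'
    f'<Issuer>https://idaas.example/idp</Issuer><Signature xmlns="{NS["ds"]}"><SignedInfo>'
    f'<SignatureMethod Algorithm="{RSA_SHA256}"/><Reference URI="#_a1"><DigestMethod Algorithm="{SHA256}"/>'
    '</Reference></SignedInfo></Signature><Subject><NameID>alice</NameID><SubjectConfirmation>'
    '<SubjectConfirmationData Recipient="https://jira.example/acs"/></SubjectConfirmation></Subject>'
    '<Conditions><AudienceRestriction><Audience>https://jira.example/sp</Audience></AudienceRestriction>'
    '</Conditions></Assertion></Response>')
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
```

Call it with the IDP EntityId from IDaaS and the Audience URI and ACS URL generated by JIRA or Confluence; an empty list means the response structure matches the configured parameters.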