You are always welcome to reach out to our support team if you have any questions or would like a demo.
Why Cloud connectors
Kantega SSO allows users to sign in using their SAML identity providers or using Kerberos tickets from their Active Directory Domain.
However, user accounts must still exist in JIRA, Confluence or Bitbucket.
The traditional on-premise solution is to set up an Active Directory User Directory in the Atlassian application, and use that to sync users accounts and group memberships over LDAP.
Cloud providers such as Microsoft Azure, Google G Suite or Okta typically do not offer LDAP syncing.
So how do you get user accounts synced to your Atlassian products?
Kantega SSO version 3 introduces the new Cloud connectors feature, which solves exactly this challenge.
How does it work?
Azure, G Suite and Okta all offer their own REST APIs giving access to information about your users and grouups.
Since Atlassian do not support these APIs natively, we have created a bridge API which exposes the cloud provider APIs as Atlassian Crowd APIs.
Atlassian Crowd Server is not used to make this work, so you do not need to have a license for and data center this.
The Atlassian products communicate with Kantega SSO using the normal REST Crowd API.
Kantega SSO will take the responsibility of connecting to the cloud providers.
How do I set it up?
Kantega SSO provides customized instructions for connecting to Azure AD, Google GSuite or Okta:
Each cloud provider requires slightly different connection settings.
Here is an example showing how to connect to Google G Suite.
This requires your G Suite domain name, a JSON service key file and an admin account with API read permissions:
Once the connector is configured, we let you create a Crowd User Directory which will sync users and groups from the cloud provider.
Notice how we let you configure "Local Groups" permissions on the directory.
This allows users from Azure, G Suite or Okta to be added to local groups such as jira-software-users, confluence-users or bitbucket-users:
Once the Crowd User Directory has been cloud user provisioning syncronized, you can preview the users, groups and group memberships:
When you're happy with the setup, you enable the Crowd User Directory.
This makes user accounts and groups available in your application.