When choosing an identity provider, you are presented with a prepare-step with specific instructions on how to configure that provider.
The setup wizard has detailed steps for Azure Active Directory (Azure AD), Google G Suite/Google Apps, Okta, OneLogin, PingOne and Active Directory Federation Services (AD FS). All SAML 2.0 Identity providers are supported. See our guides for Other identity providers
After completing the setup wizard a test login must be performed. You are then presented with the SAML response and may choose your preferred user name attribute.
Adding an identity provider
Start by adding your preferred Identity provider (IDP). The difference between each IDPs is the prepare step.
If your identity provider is not listed, that just means that we have not made specific instructions for it. You can still add it by choosing "Any SAML 2.0 provider".
The easiest way to prepare AD FS is by using powershell. Simply copy the command and paste it into an elevated powershell window.
Make sure you are accessing the application using https.
Type the hostname of your AD FS server. Importing metadata by using the AD FS host name is recommended, as it allows for automatically updating certificates.
Choose a name for the IDP. The name will be displayed to end users. See picture below.
The imported certificates from the AD FS server is presented.
Choose whether your users pre exist, or if they shall be created upon login.
Review the IDP setup.
Testing/configuring the identity provider
The test page is anonymously accessible. This means that the identity provider admin does not need to have JIRA access at all.
You can also choose to be notified whenever there are test results available.
SSO test results
The SSO Test results page serves the purpose of inspecting the SAML response, and choosing the preferred user name attribute.
Based on your user directory configuration, users may or may not already exist. If the SAML response contains all the required attributes, users can automatically be created.
The user was found in user directory "Active Directory server", and can authenticate using SAML.
|The user was not found, but the SAML response contains all attributes needed to automatically create the user.|
After setting up SSO choose a redirect mode that best fit your use case.