
Setup guide for adding Google GSuite login to Atlassian products.

This setup guide assumes that Kantega SSO is installed as an add-on to your Atlassian product (Jira, Confluence, Bitbucket, Bamboo, or FeCru).

Context: This setup starts on the Configuration page of the Kantega SSO add-on. This configuration page can be found by pressing "Configure" on "Kantega Single Sign-On (SSO)" in the list of installed add-ons.


1. Click "Add new identity provider" and select "Google GSuite"

 


2. Create GSuite SAML app

Go to https://admin.google.com

Select Apps in the main menu


Select SAML apps in the apps settings.


Press the round "+" button to add a new SAML app:

Enable SSO for SAML Application:

Press the "Select my own custom app" link in the dialog window:


Google IdP Information: 

In this step, only click to download Google's IdP metadata.

You will upload this metadata file in the next step of this setup wizard.

Press NEXT. 


Basic Information for your Custom App

Use a descriptive name for your app, such as "JIRA". 

Then press NEXT.


Service Provider Details 

Copy the response URL from the setup wizard (back in the Kantega SSO configuration) into the ACS URL and Entity ID:

Leave the other fields blank. Press NEXT.


Attribute Mapping 

On this step, add the correct mapping for attributes givenName, surname and email.

All of the fields should be of type "Basic Information"


Then press FINISH. 


Enable the app for users

Make sure to set the "Service status" to "ON for everyone" on your GSuite SAML app.

If you want the Google login to apply only to a subset of the organization, you can choose "On for some". With this setting, users in other parts of the organization will be shown a "Service not enabled" message after they enter their username and password.


You may now close the G Suite browser window.

3. Upload Metadata XML file.

Back in the setup wizard you can now press "Next" to get to the import step and upload the metadata file downloaded in step 5.

Press "Next" to proceed to the next wizard step.


4. Give the SAML integration a name in the "Location" step.

Press "Next" to proceed to the next wizard step.


5. Verify signing certificate

Press "Next" to proceed to the next wizard step.


6. Specify whether authenticated users pre-exist or need to be created at login.

Here, you can also assign default group memberships to users at login. (Groups can also be assigned to individual users according to Group Claims in the SAML response during login. This is configured in the "Group membership" setting available after the setup wizard. See step 11).

Press "Next" to summarize the settings and "Finish" to complete the wizard.

7. Testing/configuring the identity provider

After finishing the wizard, you will be sent to the test pages for verification of your setup. Here, you may also perform the last configuration parts. Follow this generic introduction to the test pages and final configuration. AD FS is used as the example here.


