
Setup guide for adding Okta login to Atlassian products.

This setup guide assumes that Kantega SSO is installed as an add-on to your Atlassian product (Jira, Confluence, Bitbucket, Bamboo, or FeCru).

Context: This setup starts on the Configuration page of the Kantega SSO add-on. To open it, press "Configure" on "Kantega Single Sign-On (SSO)" in the list of installed add-ons.


1. Click "Add new identity provider" and select "Okta"

2: Go to Okta's Admin console, select "Classic UI" and then "Applications"


Click the "Admin" button in the header.

Click "Developer Console" in the upper right and select "Classic UI":

Click the "Applications" link in the header.

 

3: Click "Add application", then "Create New App"

In the application page, click "Add Application"


Then, click "Create New App"

4: Choose "Web" as platform and "SAML 2.0" as sign on method

Press "Create".

5: Enter an app name in General Settings

Optionally upload a logo, click "Next".

6: Fill the Single Sign On URL and Audience URI fields in SAML Settings

Copy the response URL from the setup wizard (back in the Kantega SSO configuration) into the fields "Single sign on URL" and "Audience URI (SP Entity ID)".

7: Set up custom attributes

In "Attribute statements", set up the following attributes:

  • givenName with format Unspecified and value user.firstName
  • surname with format Unspecified and value user.lastName
  • email with format Unspecified and value user.email


Click Next, then Finish

8: Copy the Identity Provider metadata link to the clipboard

Right click on the "Identity Provider metadata" link (see illustration above) and copy the URL to your clipboard. You will need this link in the next step of this wizard.

9: Assign People and/or Groups to your app

Okta users now need to be assigned to your application (assignment is what gives them access to it).

Click the "Assignments" tab.


Further, when you click the green "Assign" button, you can choose to assign users individually or through their group memberships.


To assign a group to your application:

  • Select "Assign to Groups"
  • Find the group(s) you want to assign to your application and click the "Assign" button on each. This might also be the group Everyone if all users should have access.
  • Click "Assign"
  • Click the "Done" button when you are finished assigning.

To assign people individually:

  • Select "Assign to People"
  • Find the people you want to assign to your application and click "Assign" on each.
  • Click the "Save and Go Back" button for each step
  • Click the "Done" button when you are finished assigning all people.

10. Upload Metadata XML file.

Back in the setup wizard you can now press "Next" to get to the import step and upload the metadata file downloaded in step 5.

Press "Next" to proceed to the next wizard step.

11. Give the SAML integration a name in the "Location" step.

Press "Next" to proceed to the next wizard step.

12. Verify signing certificate

Press "Next" to proceed to the next wizard step.

13. Specify whether authenticated users pre-exist or need to be created at login.

Here, you can also assign default group memberships to users at login. (Groups can also be assigned to individual users according to Group Claims in the SAML response during login. This is configured in the "Group membership" setting available after the setup wizard. See step 11).

Press "Next" to summarize the settings and "Finish" to complete the wizard.

14. Testing/configuring the identity provider

After finishing the wizard, you will be sent to the test pages for verification of your setup. Here, you may also perform the last configuration parts. Follow this generic introduction to the test pages and final configuration. AD FS is used as the example here.



