Page tree
Skip to end of metadata
Go to start of metadata


How do i get a license?

Trial licenses and extension of existing trials are requested on Licenses are bought from Atlassian Marketplace or through your preferred Atlassian Expert. 

Can we extend our trial beyond 30 days?

Sure, here are direct links to where you can generate new licenses. 

Which license tier do I need when purchasing an add-on?

See Atlassian's licensing FAQ:

"Purchase the license tier that matches the number of users you have licensed for your host application. For example, if you have a 25-user Confluence license, purchase the Confluence add-on at the 25-user tier. 
The add-on will only function if its license matches or exceeds the tier of the host application – even if only some of your licensed users need to use the add-on."

For JIRA, the license has to match the highest application tier. If you have a 500-user JIRA Software license, and a 250-user Core license, then the license needs to be at the 500 level. 

JIRA ServiceDesk customers can log in with our add on for free since they are not counted against the user tier.


25 JIRA service desk agents and 10000 service desk customers = Kerberos 25 user license

50 JIRA service desk agents, 10000 service desk customers, 500 JIRA Software Users = Kerberos 500 user license

What happens when the trial expires?

Without a license our plugin will not log in users. Users are presented with the standard logon page. The Kerberos test page will still function, and will report whether a user can successfully log in or not. 


Can SAML and Kerberos work in combination?

Yes! When both SAML and Kerberos is configured, Active Directory joined devices can benefit from password-less SSO with Kerberos, while mobile phones and other standalone devices are offered SAML SSO.

Which Identity Providers do you support?

We have made step-by-step instructions for the most common IDPs. If you IDP is not listed, then choose "Any SAML 2.0 provider" in the setup wizard. 
If you want to add a vote for your IDP to be added to the setup wizard, don´t hesitate to reach out to us. 

Do we need to make any file system changes to offer SAML to mobile devices or JIRA Service Desk?

No, there is no need to make file system changes. Installing Kantega Single Sign-on will give you SSO to both JIRA and JIRA Service Desk. 

What is known domains?

Known domains is both a security feature, and enables the plugin to redirect the user to the correct IDP.

Lets say you have a user If is a known domain to one IDP, we can redirect the user to that IDP.
If is a known domain for two or more IDP, the user must choose. Remember to select a good name for your IDP.

If known domains is set to "Trust identity provider to login users from any domain", potentially, the IDP can authenticate users from another domain.

Can we add multiple Identity Providers?

Yes, add as many as you like!

Is logging in with mobile devices supported?

Yes, JIRA Mobile and Confluence Mobile clients are offered SAML login. 

Do you support SAML for JIRA Service Desk?

Yes, both JIRA Service Desk agents and customers are offered SAML login.

User Directories

How are SAML users mapped to accounts in User Directories?

The chosen SAML user name attribute are matched against existing user directories in the order they appear in the application itself. 

What user directories are supported?

Actually, all user directories are supported. Your users may reside in Internal User Directory, Active Directory, Crowd, atlassian-user.xml etc.

Can SAML login be bypassed?

Yes, adding ?nosaml to the login URL will present the standard username/password screen. 

Does application links work with our add-on?

Our add-on ignores does not affect how application links work. Because users don`t have to authenticate to each application, we recommend using OAuth Impersonation application links.

  • No labels