
Introduction

This guide provides step-by-step instructions on how to add Salesforce as an identity provider in JIRA using Kantega Single Sign-on. 
The guide can also be used when setting up SAML with Confluence, Bitbucket, Bamboo and FeCru.

Adding an identity provider

In Kantega Single Sign-on, add an identity provider of the type "Any SAML 2.0 Identity Provider".

Prepare

  • Copy the ACS URL and save it for later
  • Go to the next step (Log into Salesforce)


Adding an app in Salesforce

Our guide uses the Salesforce Classic user interface.

In the upper right corner, select your account and then Switch to Salesforce Classic.

Then select Setup.

New Connected App

  • Locate Build in the left menu
  • Select Create, then Apps

Create new Connected App

  • Under Connected apps, press New


Basic Information

  • Fill in the required fields

Web App Settings

  • Select Enable SAML
  • From the Prepare step:
    • Fill Entity ID
    • Fill ACS URL
  • Press Save, then Manage


Give permissions

  • Select Manage Profiles


  • Give users permission to log into the App (In this test we use the profile Force.com - Free User)
  • Press Save

Metadata export

  • Under SAML Login Information press "Download the metadata"
  • Go back to Kantega Single Sign-on

Metadata import

  • Import the downloaded metadata 
  • Press Next

Location

  • Give the IDP a proper name
  • The SSO redirect URL is imported from the metadata
  • Press Next

Signature

  • Review the imported signing certificate (This step is purely informational)
  • Press Next

Users

  • Select whether users already exist or if you wish to have users automatically created upon login.
    • To automatically create users, Salesforce needs to send a Name and the email in addition to the user name attribute (Not covered in this guide)

Summary

  • Review the Summary
  • Press Finish

Identity Provider Login Test

It's now time to perform a test login.

  • Copy the usertest URL
  • Open the URL in an incognito window

Testing in an incognito window

  • The IDP test page is anonymously viewable
  • Press Run test


Perform a test login. (The user must have been granted permissions)

SSO test results

  • Go back to Test Results 
  • Select Results


Add example.com as a known domain. 


Choose the preferred SAML username attribute. Name ID is selected by default.

Redirect mode

After setting up SSO, choose the redirect mode that best fits your use case.



Users should now be able to log into JIRA using their Salesforce account.


