This guide assumes you want to log in to Jira with OpenID Connect (OIDC) and Amazon Web Services Cognito. If you're looking for SAML 2.0 or Kerberos, go here.
First, follow these steps to configure Amazon Web Services Cognito as an IDP.
- Log in to https://console.aws.amazon.com
- Use the search field to navigate to the Cognito service.
- Click Manage User Pools.
- Click Create User Pool.
- Enter a name, and click Review defaults.
- Click Add app client..., and if prompted click Add app client again.
- Enter an app client name, e.g. Kantega SSO OIDC. Leave the rest as-is. Click Create app client.
- Click Return to pool details. (Use CTRL+F if you don't immediately find it.)
- Click Create pool.
- In the menu on the left side of the page, click App client settings. Enter your Callback URL: YOUR_ATLASSIAN_URL/plugins/servlet/oidc/callback/.
- Check Authorization code grant and openid. Click Save changes.
- Navigate to Domain name. If you're not using your own domain, fill in the domain prefix field, click Check availability, then Save changes.
AWS is now configured. Next, copy the information needed to configure Kantega SSO OpenID Connect.
- Navigate to General settings, copy the Pool Id.
- Your Discovery URL will be https://cognito-idp.REGION.amazonaws.com/POOL_ID/.well-known/openid-configuration. E.g.
- Navigate to App clients and click Show Details. Copy the App client id and App client secret.
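Before pasting the Discovery URL into Kantega SSO, it is worth confirming that the document it serves belongs to your pool and advertises what was enabled above. The following is an added example, not part of the original guide or of Kantega SSO. It assumes the Pool Id has the form REGION_SUFFIX; the function names, the pool ID and the discovery document are constructed for illustration.

```python
import json
import re

WELL_KNOWN = "/.well-known/openid-configuration"
# Assumption: a Pool Id is "<region>_<suffix>", e.g. "eu-west-1_EXAMPLE01" (constructed).
POOL_ID_RE = re.compile(r"^(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)_[0-9A-Za-z]+$")

def discovery_url(pool_id):
    """Build the Discovery URL from the Pool Id, taking REGION from its prefix."""
    m = POOL_ID_RE.match(pool_id)
    if not m:
        raise ValueError(f"unexpected Pool Id format: {pool_id!r}")
    return f"https://cognito-idp.{m['region']}.amazonaws.com/{pool_id}{WELL_KNOWN}"

def check_discovery(url, doc):
    """Return a list of problems; an empty list means the document fits this setup."""
    problems = []
    expected_issuer = url[: -len(WELL_KNOWN)]  # OIDC Discovery: issuer must match exactly
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer {doc.get('issuer')!r} != {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if "openid" not in doc.get("scopes_supported", []):
        problems.append("openid scope not advertised")
    return problems

# Constructed sample values; fetch the real document from your own Discovery URL.
SAMPLE_POOL_ID = "eu-west-1_EXAMPLE01"
SAMPLE_DOC = json.loads("""
{
  "issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE01",
  "authorization_endpoint": "https://example-prefix.auth.eu-west-1.amazoncognito.com/oauth2/authorize",
  "token_endpoint": "https://example-prefix.auth.eu-west-1.amazoncognito.com/oauth2/token",
  "jwks_uri": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_EXAMPLE01/.well-known/jwks.json",
  "response_types_supported": ["code", "token"],
  "scopes_supported": ["openid", "email", "phone", "profile"]
}
""")

if __name__ == "__main__":
    url = discovery_url(SAMPLE_POOL_ID)
    print(url)
    print(check_discovery(url, SAMPLE_DOC) or "discovery document OK")
```

An issuer mismatch usually means the REGION or POOL_ID in the URL was mistyped or belongs to a different pool.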
You now have the information required to configure Kantega SSO OpenID Connect.
- In your Atlassian instance, navigate to YOUR_ATLASSIAN_URL/plugins/servlet/com.kantegasso.kyashar/
- Click Add new identity provider.
- Click Amazon Web Services.
- Enter any IDP Name.
- Enter the Discovery URL, Client ID and Client Secret determined in the previous steps.
- Click Next.
- Follow the on-screen instructions.