You are viewing the Kantega SSO legacy documentation. The new documentation site is:
Skip to end of metadata
Go to start of metadata

Bilderesultat for duo logo

Setup guide for adding Bitium login to Atlassian server and datacenter products.

This setup guides assumes that Kantega SSO in installed as an add-on to your Atlassian product (JiraConfluenceBitbucketBamboo, or FeCru).

Context: This setup starts in the Configuration page of the Kantega SSO add-on. This configuration page can be found by pressing "Configure" on "Kantega Single Sign-On (SSO)" in list of installed add-ons.

Prior to this guide we have set up:

Adding an identity provider

In Kantega Single Sign-on add an identity Provider of the type "Any SAML 2.0 Identity Provider".


  • Copy the ACS URL and save it for later (the ACS URL and Entity ID is identical)
  • Go to the next step (Protect an Application in Duo)

Protect an Application in Duo

Log into Duo and select Applications, then Protect an Application

SAML - Service Provider

  • Search for SAML - Service Provider
  • Select Protect this application

Configure SAML Service Provider

  • Give the Service Provider a name
  • Paste the ACS URL from the Prepare step into the following fields:
    • Entity ID
    • Assertion Consumer Service
    • Service Provider Login URL (if you want IDP initiated login)
  • Press Save Configuration


  • Scroll down to Settings and choose a proper name to be displayed to Duo Push users
  • Save the changes

Download your configuration file

The json file is used when setting up in Duo Access Gateway

  • Download the json configuration file

Configure the application in Duo Admin Console

Metadata export (optional)

If your JIRA server has direct access to the metadata from Duo Access Gateway you can skip to the next step (preferred)

If the JIRA server does not have access to the metadata URL, download the file

Metadata import


  • Give the IDP a proper name
  • The SSO redirect URL is imported from the metadata
  • Press Next


  • Review the imported signing certificate (This step is purely informatinal)
  • Press Next


  • Select whether users already exist or if you wish to have users automatically created upon login.
    • To automatically create users, Duo needs to send a Name and the email in addition to the user name attribute (Not covered in this guide)


  • Review the Summary
  • Press Finish

Testing/configuring the identity provider

After finishing the wizard, you will be sent to the test pages for verification of your setup. Here, you may also perform the last configuration parts. Follow this generic introduction to the test pages and final configuration. AD FS is used as the example here.

  • No labels