You are viewing the Kantega SSO legacy documentation. The new documentation site is: https://kantega-sso.atlassian.net/wiki/x/hwAb
Skip to end of metadata
Go to start of metadata

Remember My Login

Jira and Jira Service Desk dashboards and views frequently use XHR/REST calls to retrieve and update data. Unfortunately, the page logic generally doesn't handle session timeouts in a good way, with multiple screens that simply stop functioning and the only explanation to be found in the Browser's Javascript console.. Clicking menu items, links or buttons simply doesn't do anything, and the user has to manually refresh the page to trigger re-authentication to make things work again. 

If this is a problem for your users, you can mitigate it by enabling "Remember My Login" (RML) in Kantega Single Sign-on. This will make Jira remember all SSO users in the same way as if they had checked "Remember my login" during regular username and password authentication. Jira has a 5 hour session timeout by default. With RML enabled, users effectively stay logged in for two weeks by default, making session timeouts a far more rare occurrence. The caveat is that users now only need to check in with the IDP/SSO once every two weeks or so. You should consider if this is acceptable before deciding to enable RML for SSO. It may be a non-issue, but if your access control strategy relies heavily on the IDP allowing access at login-time, you probably do not want to enable RML for your SSO users.

Knowledge base

By integrating Jira Service Desk and Confluence, the customer portal can automatically provide links to relevant knowledge base content in Confluence. This allows users to troubleshoot and potentially solve the issue on their own, or at least to further refine the ticket.  

This technical quide explains how to Link a Confluence space to your Jira service desk.

Kantega Single Sign-on Enterprise supports logging in to Jira Service Desk (JSD) both with Kerberos and SAML identity providers, and both support agents and customers can benefit from single sign-on. 

There are several ways to tune the behaviour of logins into JSD. If you, for instance, would like to have Kerberos only from your LAN, you can set up IP address restrictions. Also, if you have multiple SAML identity providers you can setup redirection rules for users based on their email domain, user directory associations and group memberships.

Knowledge base permissions

Setup of Confluence as a knowledge base is very easy if the documentation is public and does not require authentication. However, this it not the case for many organizations. It is a common scenario that knowledge base articles should be available through the customer portal/service desk, but at the same time require authentication for users accessing this content in Confluence directly.

When you set up a Knowledge base, you get the default Jira Service Desk-specific permission of anonymous access as shown below:

If you are using SAML based login in Kantega Single Sign-on, you must keep this default setting for your Knowledge base space. The reason why is that when JSD opens a Knowledge base article for viewing, this is done in an IFRAME. Most SAML identity providers do not permit sourcing the login UI through an iframe.

If you would like to require a login to the Knowledge base space when users are visiting directly in Confluence, this can be achieved by the Forced SSO URLs feature (found in menu under Common).



  • No labels