Page tree

Upgrading to Jira 8? - Important notice: https://docs.kantega.no/pages/viewpage.action?pageId=57278555





Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Introduction

This guide provides step-by-step instructions on how to add AuthAnvil as an identity provider in JIRA using Kantega Single Sign-on.

The guide can also be used when setting up SAML with Confluence, Bitbucket, Bamboo and FeCru.

Add a new Application

Navigate to SSO Manager and press the green plus at the bottom right, then select the paper icon.

 


From the Library, add a Custom Application.

Application Configuration 

  • Start by giving your application a name.
  • Select your preferred authentication policy.

Adding an identity provider

In Kantega Single Sign-on add an identity Provider of the type "Any SAML 2.0 Identity Provider".


Prepare

Copy the ACS URL and Entity ID. These values are used in the next step.

Protocol Setup

  • In AuthAnvil, navigate to "Protocol Setup".
  • Paste the values from the prepare step into the corresponding fields.
  • Press "Add application". 

Attribute Transformation

By default, AuthAnvill will only send the Name ID SAML attribute.

If you want automatic user creation, the attributes email and DisplayName must be added. 

  • In "Attribute Transformation" Press Add custom Attribute Map". 
  • Add your preferred attributes. (See example below.)
  • Save the changes.

Permissions

Select which users should be able to log into the SAML application.

  • Navigate to Permissions.
  • Press "Add Groups" to Assign permissions to the application.
  • Select an already existing group or create a new one.
  • Save the changes.

Federation Metadata

  • Go to Protocol Setup.
  • Press "View Federation Metadata".
  • Copy the metadata URL that opens and save it for the next step.

Metadata import

  • In Kantega Single Sign-on, go to the metadata import step.
  • Paste the metadata URL from the previous step.
  • Press Next.

Location

  • Give the Identity Provider a name. (This name is visible to end users.)
  • The SSO Redirect URL is automatically imported from the metadata.
  • Press Next.

Signature

  • Review the imported signing certificate (This step is purely informational)
  • Press Next.

Users

  • Select whether users already exist or if you wish to have users automatically created upon login.
  • Note that for users to be created, a name, username and an email must be sent in the SAML response. (See previous insctrucions.)
  • Optionally assign a default group for new users.

Summary

  • Review the Summary.
  • Press Finish.

Testing/configuring the identity provider 

  • The test page is anonymously accessible. This means that the identity provider admin does not need to have JIRA access to perform the login test.

  • Open the login test URL in a private / incognito browser window and perform a test logon 


The following shows a successful login test. 

SSO test results

  • After a test logon is performed, go back to Test Results and select Results


  • Add the domain as a known domain 



Redirect mode

After setting up SSO choose a redirect mode that best fit your use case. 

Users should now be able to log into JIRA using their AuthAnvil account.




  • No labels