Setup guide for adding Bitium login to Atlassian server and datacenter products.
This setup guide assumes that Kantega SSO is installed as an add-on to your Atlassian product (Jira, Confluence, Bitbucket, Bamboo, or FeCru).
Context: This setup starts on the Configuration page of the Kantega SSO add-on. This configuration page can be found by pressing "Configure" on "Kantega Single Sign-On (SSO)" in the list of installed add-ons.
Prior to this guide we have set up:
Adding an identity provider
In Kantega Single Sign-On, add an identity provider of the type "Any SAML 2.0 Identity Provider".
- Copy the ACS URL and save it for later (the ACS URL and Entity ID are identical)
- Go to the next step (Protect an Application in Duo)
Protect an Application in Duo
Log in to Duo and select Applications, then Protect an Application.
SAML - Service Provider
- Search for SAML - Service Provider
- Select Protect this application
Configure SAML Service Provider
- Give the Service Provider a name
- Paste the ACS URL from the Prepare step into the following fields:
  - Entity ID
  - Assertion Consumer Service
  - Service Provider Login URL (if you want IDP initiated login)
- Press Save Configuration
- Scroll down to Settings and choose a proper name to be displayed to Duo Push users
- Save the changes
Download your configuration file
The JSON file is used when setting up issues.example.com in Duo Access Gateway.
- Download the JSON configuration file
Configure the application in Duo Admin Console
Metadata export (optional)
If your JIRA server has direct access to the metadata from Duo Access Gateway, you can skip to the next step (preferred).
If the JIRA server does not have access to the metadata URL, download the file.
- Give the IDP a proper name
- The SSO redirect URL is imported from the metadata
- Press Next
- Review the imported signing certificate (This step is purely informational)
- Press Next
- Select whether users already exist or if you wish to have users automatically created upon login.
  - To automatically create users, Duo needs to send a Name and the email in addition to the user name attribute (Not covered in this guide)
- Review the Summary
- Press Finish
Testing/configuring the identity provider
After finishing the wizard, you will be sent to the test pages for verification of your setup. Here, you may also perform the last configuration parts. Follow this generic introduction to the test pages and final configuration. AD FS is used as the example here.