UniFi Identity Enterprise - Add Atlassian Cloud as an SSO App
After adding Atlassian Cloud as an SSO App in Identity Enterprise, you can use the SSO App feature for centralized and secure user lifecycle management.
Requirements
To get started, ensure that:
- Your organization has subscribed to Atlassian Guard Standard.
- You're an admin for an Atlassian organization.
- Your domain has been verified with Atlassian.
- You only need to set up SAML once even if you have two different Atlassian Cloud tenants (for example, one for Jira and one for Confluence) as long as your users have the same email address associated with both.
Add Atlassian Cloud App to Identity Enterprise
- Go to your Identity Enterprise Manager > SSO Apps.
- Click the Add icon on the upper right corner and select Atlassian Cloud.
- Click Add. The Sign-On URL, Issuer, Fingerprint, and Public Certificate will be displayed. Do not close the page, as you’ll need to copy these values into Atlassian when configuring SSO there.
Configure SSO in Atlassian
- Sign in to the Atlassian admin console.
- Go to Security > SAML single sign-on and click Add SAML configuration.
- Fill in the required information:
  - Identity provider Entity ID: Paste the Issuer from Identity Enterprise Manager.
  - Identity provider SSO URL: Paste the Sign-On URL from Identity Enterprise Manager.
  - Public x509 certificate: Open the public certificate downloaded from Identity Enterprise Manager, copy the entire content, and paste it into the field.
- Click Save configuration.
- In the “Information required by your Identity Provider” section, copy SP Entity ID for later use.
- You can refer to Configure SAML single sign-on with an identity provider for more details.
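Before pasting the certificate into Atlassian, you can confirm that the downloaded file matches the Fingerprint shown in Identity Enterprise Manager. The script below is an added example, not code from UniFi or Atlassian; it assumes the Fingerprint is a hex SHA-1 or SHA-256 digest of the DER-encoded certificate (the page does not state the algorithm), and the sample PEM is built from constructed placeholder bytes rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Assumption: the displayed Fingerprint is one of these digests of the DER bytes.
ALGS_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def der_from_pem(pem_text):
    """Return the DER bytes of the single certificate in a PEM file."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def normalize(fingerprint):
    """Strip colons and whitespace and lowercase, e.g. 'AB:CD' -> 'abcd'."""
    cleaned = re.sub(r"[\s:]", "", fingerprint).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint is not hexadecimal")
    return cleaned


def fingerprint_matches(pem_text, displayed):
    """True if the certificate hashes to the fingerprint shown by the IdP."""
    want = normalize(displayed)
    alg = ALGS_BY_HEX_LEN.get(len(want))
    if alg is None:
        raise ValueError("unsupported fingerprint length")
    got = hashlib.new(alg, der_from_pem(pem_text)).hexdigest()
    return hmac.compare_digest(got, want)


# Constructed sample: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed-placeholder-der-bytes"
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    shown = hashlib.sha256(SAMPLE_DER).hexdigest()  # stands in for the UI value
    print(fingerprint_matches(SAMPLE_PEM, shown))
```

To check a real download, read the certificate file into a string and pass it with the Fingerprint copied from the Add Atlassian Cloud page; a mismatch means the file is not the certificate that page displayed.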
Configure SSO Settings in Identity Enterprise Manager
- Navigate back to the Add Atlassian Cloud page in Identity Enterprise Manager.
- Specify the following information:
  - App name: Name this App.
  - Display the following links: The selected links will be displayed in the users’ app gallery.
  - (Optional) Default Relay State: The SAML default relay state is the destination to which the user will be redirected after they have completed the authentication process at the Identity Provider (IdP).
  - Unique ID: Paste the SP Entity ID from Atlassian Cloud.
  - Jira Base URL: Enter your Jira Base URL, for example, https://[customer-name].atlassian.net
  - Confluence Base URL: Enter your Confluence Base URL, for example, https://[customer-name].atlassian.net/wiki (append /wiki at the end of the URL to land on the Confluence dashboard upon sign-in).
- Click Add.
Test SSO Configuration
- Ensure that you have a user account in both Identity Enterprise Manager and Atlassian Cloud that uses the same email. You can create a test user, or you can use your own account if you choose.
- Assign the Identity Enterprise test user:
  - Go to Identity Enterprise Manager > SSO Apps.
  - Select the Atlassian Cloud app and go to the Assignments tab.
  - Click the Add icon, search, and assign a user to test.
- Make sure that you are signed out of Atlassian Cloud.
- Test IdP-initiated:
  - Sign in to Identity Enterprise Workspace using the test user’s account.
  - Click Application in the left sidebar.
  - Click Atlassian Cloud Jira or Atlassian Cloud Confluence. You should be signed in to Jira or Confluence.
- Test SP-initiated:
  - Open your Jira or Confluence sign-in page and enter the test user’s email address.
  - You will be redirected to the Identity Enterprise sign-in page. Enter the test user’s credentials and sign in to Jira or Confluence.
- If the test fails, see Troubleshoot your SAML configuration for details.