Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Having Doubts in Setting up Access with Azure AD and Jira SAML SSO ?

Santhosh Raj
Santhosh Raj April 24, 2024

Can anyone help me explaining how can we integrate Azure AD(Entra ID) with our Jira.
I think Jira is Updated now and Administration in Security seems new and it has no videos in Atlassian You tube Channel.

Also it is asking new option like Add Domain and more things like that.

So any clear way for achieving both things?
Is there step by step for claiming Domain and integrating with Jira and Azure AD by SAML Single SSO Sign In

For Example:
If we add a domain "xyz.com" and its in unverified status, will it active after 72hrs or do we need to update anything to get it verified ?

Answer
Watch
Like Be the first to like this
139 views

1 answer

0 votes
Brian Call
Brian Call
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
April 25, 2024

Hi Santhosh,

I am currently in the process of finishing SSO with Entra in my organization. There were several questions that I had to research as well because all of the pieces to the puzzle didnt match up easily. I will explain what I have learned and hopefully it will answer some of your questions.

 

Steps:

1. Verify your domain.  This looks like an optional step because you can get to the SSO configuration screen without doing this. However, you won't be able to manage user accounts or create a policy to enforce SSO until you verify your domain. Pretty sure you need to verify your domain for this to work, but I could be wrong.

Why is this important? This allows you to control password resets, correct usernames, set up 2 factor authentication, and more.

Note: You will have to add the TXT record to DNS and then wait for verification. It states that this could take 72hours.

 

Domain Verification(in this document):

Setting up Atlassian Access | Atlassian

 

2. Create an Enterprise Application in Entra. After creating that application, you can then assign the user group that will be allowed to use SSO. The link below will help take you through the whole process. Note: Do it after hours or when your users aren't going to be using Jira. There may be an interruption to users trying to sign in.

Tutorial: Microsoft Entra SSO integration with Atlassian Cloud - Microsoft Entra ID | Microsoft Learn

 

3. Create a new policy in Atlassian for your user that will be allowed to use SSO. I recommend adding a single user to both your AD Users group and your new policy to test the user experience. Have another account not in your SSO policy and compare the differences. Can both users get to Atlassian ok?

Single Sign-on Screen:

Log in with SAML single sign-on | Atlassian Support

 

4. Add your users in AD and the SSO policy group. Decide if you are going to enforce SSO or not for all users.

 

Lastly, If you have multiple domains you can setup separate instances in Entra. 

 

Additional reference:

Configure SAML single sign-on with an identity provider | Atlassian Support

 

Hope that helps.

Brian C

Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events