Okta

How to Configure SAML 2.0 for Atlassian Cloud


NOTES

Atlassian Cloud now supports SCIM, for configuration information, see Atlassian's Configure user provisioning with Okta. If you need further information, contact Atlassian Support at support@atlassian.com.

Contents


Supported Features

The Okta/Atlassian Cloud SAML integration currently supports the following features:

For more information on the listed features, see the Okta Glossary.


Before You Begin


Configuration Steps

  1. Log in to https://admin.atlassian.com as an administrator.

  2. Select your organization, then select Security > Identity Providers.

  3. Select Okta from the list of providers.

  4. Select your Directory.

  5. Under Authenticate users, select Set up SAML single sign-on. This opens the SAML configuration wizard.

  6. On the Before you begin step, click Next.

  7. On the Add SAML details step, enter the following:

    • Identity provider Entity ID:

      Sign in to the Okta Admin Console to generate this variable.

    • Identity provider SSO URL:

      Sign in to the Okta Admin Console to generate this variable.

    • Public x509 certificate:

      Sign in to the Okta Admin Console to generate this variable.
    • Click Next.

  8. On the Copy URLs to your identity provider step, copy your Unique ID value from the SP Entity ID field.

    For example, if your SP Entity ID is https://auth.atlassian.com/saml/a1b2c3d4, your Unique ID is a1b2c3d4

  9. Click Next.

  10. On the Link a domain to your identity provider directory step, select your Domain to link.

  11. On the Save and continue step, click Stop and save SAML.

  12. In Okta, select the Sign On tab for the Atlassian Cloud SAML app, then click Edit:

    • SAML Attributes (optional):

      • By default Okta supports the following SAML attributes that are mandatory for JIT:

        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

      • You can configure additional attributes and their values (mappings) under the Attributes (Optional) section of SAML.

    • Enter your Unique ID value (step 8) into the corresponding field.

    • Jira Base URL: Enter your Jira Cloud base URL.

      For example: https://[your-subdomain].atlassian.net

    • Confluence Base URL: Enter your Confluence Cloud base URL.

      For example: https://[your-subdomain].atlassian.net/wiki (append /wiki to the end of the URL to land on the Confluence dashboard upon signing in).

    • Statuspage Base URL: Enter your Statuspage base URL.

      For example: https://manage.statuspage.io

    • Click Save.

  13. Done!


Notes

The following SAML attributes are supported:


SP-initiated SSO

  1. Go to: https://[your-subdomain].atlassian.net

  2. Enter your email, then click Continue.