Atlassian Cloud now supports SCIM, for configuration information, see Atlassian's Configure user provisioning with Okta. If you need further information, contact Atlassian Support at support@atlassian.com.
The Okta/Atlassian Cloud SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
You only need to set up SAML once even if you have two different Atlassian Cloud tenants (for example, one for Jira and one for Confluence) as long as your users have the same email address associated to both.
Then do the following:
Create an organization. See Set up an Atlassian organization.
Verify one or more domains, to confirm you own them. See Verify a domain for your organization. When you verify a domain, all the Atlassian accounts that use email addresses from the verified domain become managed by your organization.
Subscribe to Atlassian Access.
Before configuring SAML single sign-on, create an Atlassian account that you can use to access your organization even if SAML has been mis-configured.
This account:
Must not use an email address from a domain you have verified for this organization. This ensures that the account will not redirect to SAML single sign-on when you log in.
Must be given both site admin and organization admin access.
Log in to https://admin.atlassian.com as an administrator.
Select your organization, then select Security:
Select SAML single sign-on, then click Add SAML configuration:
Then follow the steps below:
Identity provider Entity ID: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Identity provider SSO URL: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Public x509 certificate: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Click Save configuration:
Make a copy of your Unique ID value from the SP Entity ID field.
For example, if your SP Entity ID is https://auth.atlassian.com/saml/a1b2c3d4, your Unique ID is a1b2c3d4
In Okta, select the Sign On tab for the Atlassian Cloud SAML app, then click Edit:
SAML Attributes (optional):
By default Okta supports the following SAML attributes that are mandatory for JIT:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
You can configure additional attributes and their values (mappings) under the Attributes (Optional) section of SAML.
Enter your Unique ID value (step 5) into the corresponding field.
Jira Base URL: Enter your Jira Cloud base URL.
For example: https://[your-subdomain].atlassian.net
Confluence Base URL: Enter your Confluence Cloud base URL.
For example: https://[your-subdomain].atlassian.net/wiki (append /wiki to the end of the URL to land on the Confluence dashboard upon login).
Statuspage Base URL: Enter your Statuspage base URL.
For example: https://manage.statuspage.io
Click Save:
Done!
The following SAML attributes are supported:
Name | Value |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.firstName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.lastName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | user.id |
Go to: https://[your-subdomain].atlassian.net
Enter your email, then click Continue: