SAML Single Sign-On is designed to ensure secure and seamless access to Atlassian Data Center applications for enterprise users, regardless of their working location. It offers robust user management and scalability, allowing organizations to authenticate users against any identity provider (IdP) such as Okta, Entra (formerly Azure AD), AD FS, OneLogin, Google Cloud Identity, and PingOne, among others. The solution provides out-of-the-box configurations, a user-friendly configuration wizard, and automated setup via metadata, simplifying deployment. Key functionalities include flexible and automatic user provisioning and deprovisioning, ensuring accurate and up-to-date user information through both in-advance (via Cloud Identity Provider's API) and just-in-time updates during the SSO login process. It supports Open ID Connect/OIDC and SCIM 2.0 Connector for comprehensive user synchronization. The software also enables automatic user deactivation and reactivation, helping organizations save on unnecessary licenses while maintaining security. Users can map any attribute from the IdP to the Atlassian application, with powerful transformation presets, templates, and Groovy Scripts for advanced customization, including syncing user profile pictures. Furthermore, SAML Single Sign-On allows for the customization of access management automations, enabling administrators to define and synchronize group-based permissions without altering their IdP setup. It supports encryption for compliance with security regulations, offers branding options for user-facing pages, and ensures a full SSO experience on Atlassian mobile apps. A full REST API facilitates automated user management configuration. The solution provides granular control over SSO activation with custom URLs and a "No SSO Option" for temporary users, admins, or automations. It also allows selection between multiple identity providers, redirecting users based on input, email domain, or HTTP header, and prioritizing IdPs during migrations. The admin-friendly interface, developed with input from over 7,000 Atlassian administrators, includes diagnostic troubleshooting, debugging trackers, and the ability to test configurations without global activation.

Features & Benefits

• Authenticate Against Any Identity Provider
  • Provides out-of-the-box configurations for all major IdPs, simplifying integration.
  • Configuration wizard and tutorials per IdP
  • Automated Configuration via Metadata
  • Single Logout (SLO)
  • Supports social login (Facebook, LinkedIn, Twitter, GitHub, Apple, Atlassian cloud)
• Flexible, Automatic User Provisioning
  • Effortlessly provisions and deprovisions users, ensuring accurate and up-to-date user information.
  • In-advance automatic account creation via Cloud IdP API
  • Just-in-time updates during SSO login
  • Open ID Connect/OIDC support
  • SCIM 2.0 Connector
• Automatic User Deactivation and Reactivation
  • Optimizes license usage and enhances security by automatically managing user accounts.
  • Disable or delete users
  • Cleanup Inactive Users automatically
  • Automatic re-enablement upon user login attempt
• Map Any Attribute from the IdP
  • Allows flexible mapping of user attributes from the identity provider to Atlassian applications.
  • Attribute mapping
  • Powerful transformation presets & templates
  • Groovy Scripts for advanced customization
  • Sync user profile pictures
  • Use IdPs as a source in Linchpin and Communardo User Profiles
• Customize Access Management Automations
  • Define how to create and sync group-based permissions to grant appropriate access to every user.
  • Decide which groups should be synchronized without changing IdP setup
  • Default groups
  • Default groups for Jira Service Desk
• Encryption
  • Ensures compliance with security laws and regulations through customizable signing.
• Branding
  • Customize user-facing pages such as error pages, IdP selection, and logged-in page templates.
• Mobile App Supported
  • Provides a full SSO experience on Atlassian mobile applications.
• Full REST API
  • Enables automation of user management configuration.
• Custom URLs
  • Decide when SSO kicks in with force SSO URLs or non-SSO URLs.
• No SSO Option
  • Offers full control to bypass SSO for temporary users, administrators, or automations.
• Select Between Multiple Identity Providers
  • Allows administrators to decide how users are redirected to their relevant Identity Provider.
  • Configurable IdP selection page
  • Redirect users based on input, email domain, or HTTP header
  • Prioritize IdPs during migrations
• Admin-Friendly Interface
  • Developed with a community of Atlassian administrators to provide intuitive management tools.
  • Diagnostic troubleshooting and debugging tracker with login tracking
  • Testing configuration without global activation
  • Automatic re-enablement when the user tries to login again