Atlassian Cloud has become very popular in the last couple of years. It offers very competitive pricing, especially for small user-tier applications. To see whether Atlassian Cloud is a good option for you, check out our article: Atlassian’s Server License Discontinuation: What are your options?

Atlassian Access is an enterprise-grade subscription for enhanced security that provides centralized administration and governance. Atlassian Access SSO has security controls like SAML Single Sign On (SSO), User Lifecycle Management, Active Directory Sync, and many more. These features span all Cloud apps, including Jira Software, Jira Service Management, Confluence, Bitbucket, Trello, and Statuspage, and extend across organizations, giving you the ability to use Jira SSO and Confluence SSO.

Single Sign-On into Atlassian Access allows users to authenticate to Atlassian Cloud products through your existing SAML Identity Provider, giving you the ability to enable and use Atlassian Cloud Jira SSO and Atlassian Cloud Confluence SSO. Cloud SAML Single Sign On (SSO) gives employees a simple process for accessing the tools they use and lets admins enforce identity-related security controls at scale, which makes securing large groups of users far simpler. But what if your users are in an OAuth or OpenID Provider? Will it still work? How can OAuth SSO and OIDC SSO be put to use? How can we connect Atlassian Cloud (SAML SSO modules) to OAuth/OIDC Providers? Is it even possible?

Yes! It is possible with miniOrange Identity Brokering Service.

miniOrange Identity Broker Service

Identity brokering is a way to establish trust between two applications that do not speak the same protocol, such as Atlassian Access SSO (SAML) and an OAuth/OIDC Provider, and to help each side understand the other's requests and responses. Applications that do not communicate with each other using the same protocol are known as cross-protocol applications. You can use both Cloud Jira SSO and Cloud Confluence SSO through one centralized miniOrange offering.

miniOrange Identity Brokering lets you connect and communicate with such cross-protocol applications. It acts as a bridge between the applications and translates requests and responses between them, much as a language translator understands one language and renders it in another.

Using miniOrange Identity Broker Service, you can also connect multiple Providers or add user directories. You can enhance Atlassian Cloud security by enabling secure login with Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA) in miniOrange.

[Figure: Atlassian Cloud identity broker with external OAuth]

On the miniOrange side, you must configure:

  1. Atlassian Access SAML SSO Application as a Service Provider and miniOrange as an Identity Provider.
  2. OAuth or OIDC Provider as an Identity Source in miniOrange, where miniOrange is the OAuth Client, to enable OAuth SSO or OIDC SSO for easy login.

Once the connection is successful, you are good to go. You can refer to this document for end-to-end setup.

With this solution, you do not need to store users on miniOrange. The user login experience will be seamless moving from Atlassian Cloud to your OAuth SSO Provider or OIDC SSO Provider, where miniOrange will be running in the background. They will not see any miniOrange page or login screen in between, so users will not notice the integration with miniOrange. This is similar to users’ experience for Atlassian Access SSO when connecting to a SAML Identity Provider. 
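The protocol translation a broker performs between the OIDC side and the SAML side, as an added example that is not miniOrange's code or configuration: it checks the ID token claims received from the OAuth/OIDC Provider and maps them onto a SAML assertion for the Service Provider without storing the user. Assumptions: the token signature was already verified, the Service Provider identifies users by e-mail NameID, every URL and identifier is a constructed placeholder, and assertion signing is left out.

```python
import time
import uuid
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder configuration (assumption, not real tenant values).
CFG = {"oidc_issuer": "https://op.example.com", "client_id": "broker-client",
       "saml_issuer": "https://broker.example.com/idp",
       "sp_audience": "https://sp.example.com/saml", "sp_acs": "https://sp.example.com/saml/acs"}

def q(tag):
    return f"{{{NS}}}{tag}"

def ts(t):
    return time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(t))

def check_claims(claims, expected_nonce, now):
    """Refuse ID-token claims this broker must not vouch for (signature assumed verified)."""
    aud = claims.get("aud")
    if claims.get("iss") != CFG["oidc_issuer"]:
        raise ValueError("unexpected issuer")
    if CFG["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience is not this broker")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not expected_nonce or claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if not claims.get("email") or claims.get("email_verified") is not True:
        raise ValueError("no verified e-mail for NameID")

def broker_assertion(claims, expected_nonce, in_response_to, now=None):
    """Translate checked OIDC claims into an unsigned SAML assertion element."""
    now = time.time() if now is None else now
    check_claims(claims, expected_nonce, now)
    a = ET.Element(q("Assertion"), ID="_" + uuid.uuid4().hex, Version="2.0", IssueInstant=ts(now))
    ET.SubElement(a, q("Issuer")).text = CFG["saml_issuer"]
    subj = ET.SubElement(a, q("Subject"))
    ET.SubElement(subj, q("NameID"),
                  Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress").text = claims["email"]
    conf = ET.SubElement(subj, q("SubjectConfirmation"), Method="urn:oasis:names:tc:SAML:2.0:cm:bearer")
    ET.SubElement(conf, q("SubjectConfirmationData"), Recipient=CFG["sp_acs"],
                  InResponseTo=in_response_to, NotOnOrAfter=ts(now + 300))
    cond = ET.SubElement(a, q("Conditions"), NotBefore=ts(now), NotOnOrAfter=ts(now + 300))
    ET.SubElement(ET.SubElement(cond, q("AudienceRestriction")), q("Audience")).text = CFG["sp_audience"]
    return a  # a real broker signs the assertion before returning it to the service provider

# Constructed sample claims, as they would look after signature verification.
SAMPLE = {"iss": "https://op.example.com", "aud": "broker-client", "exp": 2_000_000_000,
          "nonce": "n-123", "email": "alice@example.com", "email_verified": True}
```

The audience, nonce and verified-e-mail checks are what stop the broker from re-asserting an identity that was issued to a different client or never confirmed by the upstream provider.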

What do you think about this solution? Do you think this would be helpful for Cloud users trying to authenticate from an external OAuth Provider? Please drop us a mail at info@xecurify.com or raise a ticket here to talk to us.
