目的

Confluence Data Center is bundled with the SSO for Atlassian Server and Data Center App – we will refer to it simply as Atlassian SSO App in the remainder of this document.

With this App, Confluence administrators can configure SSO using SAML 2.0 or OIDC with your preferred Identity Provider (IdP). Check SAML single sign-on for Atlassian Data Center applications for further details on supported IdPs and more information on the SSO App.

This document highlights the steps to integrate Confluence Data Center with Microsoft Azure for SSO using SAML 2.0.

This document is not intended to be a full reference guide, since you may need to change Azure or Confluence configuration to your organization's needs. Hence, this describes a sample configuration to have it working.

要約

This is a guide to easily integrate Confluence (Service provider) with Azure (Identity provider IdP).  Each requires their own specific configurations and we'll outline these below.  If there are specific settings that need to in place and which are out of scope of this page, please check those with your IdP admins.

In order to use SSO for Atlassian Server and Data Center to authenticate against Microsoft's Azure AD, we need to create an Enterprise Application in the Azure management console. In this article, we'll use the pre-set Confluence SAML SSO by Microsoft from the Azure library.

環境

• Confluence 6.1+
• Azure Active Directory

Integration Steps

1. Access your Azure Active Directory and select Enterprise applications
   
   
   
   
2. Select New application and find "Confluence SAML SSO by Microsoft" from the gallery
   
   
   
   
3. Create a name to your application and click Add. You should see your new application like this:
   
   
4. Now we'll get some information from Confluence. Login your Confluence Data Center using an Admin account and head to General Configuration > Authentication Methods (also known as SSO 2.0 on Confluence v7.15 and earlier versions) under USERS & SECURITY.
   
   
5. Scroll down until you see the following lines. Copy and save them to use in the Azure portal:
   
6. Back in Azure, open your Enterprise Application, select 2. Set up single sign on, then choose SAML.
   
   

7. Click to edit the Basic SAML Configuration fields and use the information copied from Confluence.

   Azure	Confluence
   Identifier (Entity ID)	オーディエンス URL (エンティティ ID)
   Reply URL (Assertion Consumer Service URL)	アサーション コンシューマー サービス URL
   サインオン URL	アサーション コンシューマー サービス URL

   
   
   
   

8. Still in the Azure SAML settings, download the Certificate (Base64 encoding) and copy the Login URL and Azure AD Identifier
   
   
   
   

9. Go back to the Confluence Authentication Methods screen and use the information copied from Azure. Click Save configuration when finished.
   
   

   Azure	Confluence
   Login URL	アイデンティティ プロバイダー シングルサインオン URL
   Azure AD Identifier	シングルサインオン発行者
   Certificate (Base64)	X.509 証明書

   
   
   
   

10. Confluence 7.7+ only: In Confluence 7.7, JIT User Provisioning was introduced. As part of this change, you now have to define a username mapping. It requires an expression following the pattern ${attributeName}, and that claim/attribute will be used to match the username during the SSO login.
    
    
    
    
    
11. Confluence 7.7+ only: Also introduced by the JIT Provisioning, you can chose to create a user in Confluence when the username mapping doesn't match an existing user. You'll have to check the option Create users on login to the application, and then define claim/attribute mappings from Azure AD that will contain the user's Display Name, Email and Groups (the Groups attribute doesn't support mapping expressions).
    
    
    
    

12. To test the authentication, you can use a link like this (it will redirect you to the Azure login screen and then back to Confluence if the authentication is successful):
    
    

    https://<base-url>/plugins/servlet/external-login

    This link only works when running SSO for Atlassian Data Center app version 4.0.X or 4.1.X. This link is not available in version 4.2.X or later.