Single Sign-on Integration with Atlassian products
Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.
Summary
A Single Sign On system allows users to use a single login for multiple applications.
You can integrate Atlassian products with the following SSO systems:
Solution
Cloud deployment
SAML single sign-on is available when you subscribe to Atlassian Access.
Atlassian Access enables company-wide visibility, security, and control across your Atlassian Cloud products (Jira, Confluence, Trello and Bitbucket).
You can read more about SAML SSO with Atlassian Access here.
For Opsgenie, SSO is available through Standard and Enterprise plans.
Server & Data Center deployment
For our on-prem deployments, you have several options to enable SSO:
Data Center feature
Single Sign-On is one of the core features of our Data Center products. Check out this page to see how to enable SAML SSO for Jira, Bitbucket and Confluence Data Center
Using Crowd
If you need additional user management features, or if you're using a Server deployment, you'd need to use Crowd - Atlassian's single sign-on, authentication, authorization, application provisioning and identity management framework - see the Crowd documentation for more information on Crowd SSO and integrating it with Atlassian applications
Looking for a multi-domain SSO solution?
Look no more! Crowd SSO 2.0 offers one solution for Server, Data Center, and Cloud applications and setting it up takes only minutes.
Are you are ready for the change? See Crowd SSO 2.0.
Writing a custom authenticator
Jira and Confluence integrate with SSO system Seraph, the Atlassian authentication library. Seraph is a very simple, pluggable J2EE web application security framework developed by Atlassian and used in our products.
Learn more about Seraph...
Seraph allows you to write custom authenticators that will accept the login credentials of your existing single sign-on system.
A few tips for writing your own custom authenticator for Confluence:
For Confluence 2.2 and above you must extend
com.atlassian.confluence.user.ConfluenceAuthenticatorinstead of the SeraphDefaultAuthenticator.The authenticator should not be a plugin. It should be placed in the class path by putting it in
WEB-INF/classesor as a jar inWEB-INF/libThe authenticator should have a public constructor that takes no arguments.
Dependency injection via setters or auto-wiring by name is not available to authenticators. Use
ContainerManager.getInstance(...)instead.The authenticators are constructed before beans are available via
ContainerManager.getInstance(...), so thegetInstancemethod needs to be called at runtime and not in the constructor.
These same restrictions apply for JIRA as well, except that:
The base class to use is
com.atlassian.jira.security.login.JiraSeraphAuthenticatorComponents are obtained with
ComponentAccessor.getComponent(...).
Check out these examples:
CAS for Confluence, contributed by Carl Harris at Virginia Tech.
CAS for JIRA, contributed by Carl Harris at Virginia Tech.
Siteminder for Confluence, contributed by Ricardo Sueiras
There has been a discussion of integrating with Siteminder on the mailing list that may be applied to Jira integration. All third-party code must be treated with caution - always backup your Confluence instance before use. If you create a custom SSO plugin and would like to contribute it to the user community, please let us know on a support ticket. You can also browse the Seraph Discussion Forums.
Marketplace app
Finally, you can also use a an app from our Marketplace
List of SSO apps
SAML Single Sign On (SSO) Bamboo Using Confluence and JIRA without SSO
mO Jira SAML SSO/Jira SSO/Jira Single Sign On SSO/SAML Login
mO Confluence SAML SSO/Confluence SSO (Single Sign On/Login)
mO Bitbucket SAML SSO/Bitbucket SSO/Bitbucket Single Sign On
mO Fisheye SAML SSO/Fisheye SSO/Fisheye Single Sign On (SSO)
Delegate user management
Confluence can also delegate user management to use Jira logins, but this will not provide you with SSO.
Was this helpful?