Atlassian Cloud Single Sign On

miniOrange provides secure access to Atlassian(Cloud) for enterprises and full control over access of applications, Single Sign On (SSO) into your Atlassian(Cloud) Account with one set of login credentials.

• Single Sign On

  miniOrange Single Sign On (SSO) Solution provides easy and seamless access to all enterprise resources with one set of credentials, miniOrange provides Single Sign On (SSO) to any type of devices or applications whether they are in the cloud or on-premise.

• Strong Authentication

  Secure your Atlassian(Cloud) app from password thefts using multi factor authentication methods with 15+ authentication types provided by miniOrange. Our multi factor authentication methods prevent unauthorized users from accessing information and resources having password alone as authentication factor. Enabling second factor authentication for Atlassian(Cloud) protects you against password thefts.

• Fraud Prevention

  miniOrange prevents frauds with its dynamic risk engine in conjunction with enterprise specific security policy. We support a combination of the Device Id, Location and Time of access as multi-factor authentication that can detect and block fraud in real-time, without any interaction with the user.

miniOrange supports both IdP (Identity Provider) and SP (Service Provider) initiated Single Sign On (SSO)

• IdP Initiated Single Sign On (SSO)

  In IdP Initiated Login, SAML request is initiated from miniOrange IdP.

• Enduser first authenticates through miniOrange Idp by login in to miniOrange Self Service Console.
• The Enduser will be redirected to their Atlassian(Cloud) account by clicking the Atlassian(Cloud) icon on the Enduser Dashboard - there is no need to login again.

• SP Initiated Single Sign On (SSO)

  In SP Initiated Login, SAML request is initiated by Atlassian(Cloud).

• An Enduser tries to access their Atlassian(Cloud) domain.
• They will be redirected to miniOrange Self Service Console.
• Here they can enter the miniOrange login credentials and login to their Atlassian(Cloud) Account.

Follow the Step-by-Step Guide given below for Atlassian(Cloud) Single Sign On (SSO)

Step 1: Configure Single Sign On (SSO) Settings

• Login to miniOrange Admin Console.
• Go to Apps >> Manage Apps . Click Configure Apps button.
• Click on SAML tab. Select Atlassian(Cloud) and click Add App button.



• Make sure the SP Entity ID or Issuer is in the format: https://[yourdomain].my.atlassian.com/?so=[organization_id].
• Make sure the ACS URL is in the format: https://[yourdomain].my.atlassian.com/?so=[organization_id].
• Make sure the Single Logout URL is in the format: https://[yourdomain].my.atlassian.com.
• Leave the Attributes section empty.
• Click on Save to configure Atlassian(Cloud).
• Download the certificate to be uploaded in Atlassian(Cloud) Single Sign On(SSO) settings.

Step 2: Create a policy for Atlassian(Cloud)

• Login to miniOrange Admin Console.
• Go to Policies >> App Authentication Policy.
• Add a new policy for Atlassian(Cloud).
1. Select Atlassian(Cloud) from Application dropdown.
2. Select a Group Name from dropdown - the group for which you want to add Atlassian(Cloud) policy.
3. Give a policy name for Atlassian(Cloud) in Policy Name field.
4. Select the First Factor Type for authentication.
5. Enable Second Factor for authentication if required.
6. Click on Save button to add policy for Atlassian(Cloud) Single Sign On (SSO).



• Now click on Onboard users into our system from View Policy Tab.

Step 3: Configure Atlassian(Cloud)Settings

Login to your Atlassian(Cloud) account as Admin.

• Go to Site Administration -> Single sign-on.
• Enable single sign-on switch to opt in to the new Atlassian account login.

Go to the Configure SAML page for your Atlassian Cloud account:

• Go to Site Administration -> SAML. You can also go directly to the following URL:
• https://[yourdomain].atlassian.net/admin/SAML

Configure with the following values and Save:

Issuer	https://login.xecurify.com/moas/login
Identity Provider Certificate	Upload the certificate downloaded from miniOrange Admin Console
Identity Provider Login URL	https://login.xecurify.com/moas/login/idp/samlsso

Step 4: Onboard users into our system.

• Download sample csv format from our console and create a CSV file containing your users in this format.



• Upload your CSV in our console via Bulk Upload.
• After uploading the CSV file successfully, you will see a success message.
• From Users/Groups menu, select Manage Users/Groups and go to On Boarding Status. Select users to send activation mail and click on send activation mail. An activation mail will be sent to the selected users.

Step 5: Register users into our system (End Users)

• Sign In to your mail and click on registration link that is valid only for 5 days. You will be redirected to our registration page.
• Configure your basic details.



• Configure any strong authentication method.



• Configure KBA (Security Questions) as your fallback method, in case you lost your phone this will get invoked and save your details.



• After successful registration, you will see a registration successful message.

Using Two Factor Authentication for Atlassian(Cloud)

The most practical way to strengthen authentication is to require a second factor after the username/password stage. Since a password is something that a user knows, ensuring that the user also has something or using biometrics thwarts attackers that steal or gain access to passwords.

Traditional two-factor authentication solutions use hardware tokens (or "fobs") that users carry on their keychains. These tokens generate one-time passwords for the second stage of the login process. However, hardware tokens can cost up to $40 each. It takes time and effort to distribute them, track who has which one, and replace them when they break. They're easy to lose, hard to use, and users consistently report high levels of frustration with token-based systems.

Your choice of second factor

miniOrange authentication service has 15+ authentication methods.

• One time passcodes (OTP) over SMS
• OTP over Email
• OTP over SMS and Email
• Out of Band SMS
• Out of Band Email
• Soft Token
• Push Notification
• USB based Hardware token
• Security Questions
• Mobile Authentication
• Voice Authentication (Biometrics)
• Phone Verification
• Device Identification
• Location
• Time of Access
• User Behavior

You can choose from any of the above authentication methods to augment your password based authentication. miniOrange authentication service works with all phone types, from landlines to smart-phone platforms. In the simplest case, users just answer a phone call and press a button to authenticate. miniOrange authentication service works internationally, and has customers authenticating from many countries around the world.

For further details refer :
https://confluence.atlassian.com/cloud/saml-single-sign-on-943953302.html