- Home
- OAuth Cloud SSO
- OAuth SSO Documentation
- Atlassian Cloud OAuth Single Sign-On (SSO) with AWS Cognito
Atlassian Cloud OAuth Single Sign-On (SSO) with AWS Cognito
With Jira OAuth Single Sign-On (SSO) for Atlassian Cloud, you can securely log in to Atlassian Cloud using your AWS Cognito credentials. This app allows you to implement seamless Single Sign-On (SSO) for Atlassian Cloud accounts using existing AWS Cognito credentials.
Try it for freePre-requisites
-
Atlassian Guard (Atlassian Access) Subscription:
Atlassian Guard is an additional subscription applied across the Atlassian Cloud products, like Jira Software, Jira Service Management, Jira Work Management, Confluence, and Bitbucket. It is needed for Single Sign-On (SSO) or any Cloud Service across Atlassian Cloud products. -
Domain Verification:
Atlassian Guard requires the Domain Verification process to enforce SSO on the managed user accounts. This process verifies that you own a valid domain for managing the user accounts and use the same domain name for the email addresses.
References:
https://www.atlassian.com/software/guard/guide/getting-startedhttps://www.atlassian.com/licensing/atlassian-guard
Download and Installation
- Log in to your Atlassian Admin Console and select your site.
- Now, in the left sidebar, scroll down to the Apps section. Under Apps, select Site, which will open the site settings page.
- In the Site Settings, navigate to Connected Apps → Explore apps. (Alternatively, you can go to the Atlassian Marketplace and search for the app.)
- Search for miniOrange OAuth/OpenID SSO.
- Click “Try it free” to begin a new trial of the app.
- On the top menu bar, go to Apps.
- Locate the “mO Jira OAuth/OpenID SSO” app and click to open it.
In this guide, we will demonstrate the setup in three parts:
- Configure OAuth SSO connection between miniOrange App (as OAuth Client) and AWS Cognito (as OAuth Provider).
- Configure SAML SSO connection between Atlassian Guard (as SP) and miniOrange App (as IDP).
- Add users to the SSO Authentication policy, and enforce the SSO.
Step 1. Configure SSO between miniOrange App and AWS Cognito
- Once the plugin is installed, select the Apps section from the sidebar menu and click on mO Jira OAuth/OIDC SSO option.
- Next, you will be prompted with a welcome pop-up window. Click Start Configuration.
- Now, in the Configured Providers section, click the "Add Provider" button.
- Select AWS Cognito as the application.
- And copy the callback URL from the OAuth / OIDC Provider Configurations page and keep it handy, as you'll need it to configure AWS Cognito as the OAuth provider.
- After copying the callback URL, sign in to AWS Amazon.
- Search for Cognito in the AWS Services search bar as shown below.
- Click on Create a User Pool button to create a new User Pool.
- Select the Application type as Traditional web application. Provide a name for your application and choose the required attributes.
- Add the callback URL in the Return URL field, click Create.
- Scroll down and click on the Go to Overview button.
- Go to Authentication methods and click the Edit button in the Email.
- Enter the email address where the message will be sent and click Save Changes.
- Go to App Clients and either select or create a new App Client.
- Copy the Client ID and Client Secret and keep it handy for later use.
- Go to Attribute permissions, click Edit and choose desired attributes. Once done, click Save.
- In the Login pages tab, click Edit.
- Add the Callback URL in the respective field. Select Cognito user pool, Authorization code grant, and scopes (such as, Email, OpenID, Profile). Then click Save Changes.
- Go to the Users tab, then click Create user.
- Enter user details like email, phone number, and password. Click Create user.
- Now, return to the miniOrange App configuration page. (OAuth / OIDC Provider Configurations )
- Enter Client Id, client secret & domain url as {your domain name}.auth.{region name}.amazoncognito.com
- And configure the scope as openid, email, etc., and click Save Configuration.
Step 2. Set up SSO between Atlassian Guard and miniOrange App
After saving the OAuth Configuration, you’ll be required to configure Atlassian Guard and the miniOrange OAuth/OIDC SSO App.
- A pop-up notification will appear, asking you to complete the Atlassian Guard configuration.
- Click on Configure Guard, and you will be navigated to the Guard Configurations section.
- In this section, you will find the Plugin Metadata details.
- Copy and keep the following values handy. You’ll need them while setting up your Identity Provider in Atlassian Guard:
- IDP Entity ID
- IDP SSO URL
- IDP Public X.509 Certificate
- Open the Atlassian Admin Console and navigate to the Security tab.
- Under User Security, click Identity Providers.
- Select Other to begin configuring a custom Identity Provider.
- Provide an appropriate name, select Set up SAML Single Sign-On, and click Next.
- Now, paste the IDP Entity ID, IDP SSO URL, and Public X.509 Certificate that you copied from the plugin configuration.
- Click Next and copy the Service Provider Entity ID and Service Provider Assertion Consumer Service URL. Keep these handy as they’re required to complete the plugin configuration.
- Complete the rest of the Atlassian Guard configuration.
- Once you’re done, return to the plugin, go to the SP Metadata tab in the Guard Configurations section, and click Next.
- Enter the SP Entity ID and Assertion Consumer Service (ACS) URL that you copied, and click Save Settings.
Note: In case you manage multiple organizations, you’ll have to
select the intended one after accessing the admin console.
Step 3: Configure SSO Authentication Policy
Once all the SSO Configurations are done, you need to add users to the Authentication Policy and enforce Single Sign On.
After saving the SP Metadata, click Next to find the steps for adding the users to the Authentication policy.
Now you can now seamlessly enjoy Single-Sign On into Atlassian with your preferred OAuth provider, with our miniOrange app.
Additional Resources
Did this page help you?
×
![]()