Atlassian Cloud OAuth Single Sign-On (SSO) Github

Atlassian Cloud OAuth Single Sign-On (SSO) with Github

Jira OAuth Single-Sign On(SSO) for Atlassian Cloud allows you to securely login using Github credentials. Single Sign-on (SSO) into your Atlassian Access or Atlassian Jira Cloud Account with any of your existing OAuth Provider credentials for enhanced security using our module.

    Try it for free

Pre-requisites

  • Atlassian Guard (Atlassian Access) Subscription:
    Atlassian Guard is an additional subscription applied across the Atlassian Cloud products like Jira Software, Jira Service Management, Jira Work Management, Confluence, and Bitbucket. It is needed for Single Sign-On (SSO) or any Cloud Service that comes under Atlassian Guard.
  • Domain Verification:
    The first step of Atlassian Guard starts with the Domain Verification process to enforce SSO on the managed user accounts. This process verifies that you own a valid domain for managing the user accounts and use the same domain name for the email addresses.

Download and Installation

  • Log into your Jira instance as an admin.
  • Navigate to Apps → Explore more apps from the header menu.
  • Next, search for the miniOrange OAuth/OpenID SSO app.
  • Click on Try it free to begin a new trial of the app.
  • On the menu bar click on Apps and locate the OAuth/OpenID SSO app and click .

In this guide, we will demonstrate the setup in three parts:

  • Configure OAuth SSO connection between miniOrange App (as OAuth Client) and Github (as OAuth Provider).
  • Configure SAML SSO connection between Atlassian Guard (as SP) and miniOrange App (as IDP).
  • Add users to the SSO Authentication policy, and enforce the SSO.

Step 1. Configure SSO connection between miniOrange App with Github

  • Once the plugin is installed select the Apps dropdown from the top menu and click on mO Jira OAuth/OIDC SSO option.
    • Jira app main menu with the Apps section open and the mO Jira OAuth/OIDC SSO app highlighted
  • Next, you will be prompted with a welcome pop-up window. Click Start Configuration.
    • Welcome window of mO Jira OAuth/OIDC SSO app.
  • Copy the Callback URL and keep it handy as it will be required while setting up the OAuth application in Github.
    • Callback URL from mO Jira OAuth/OIDC SSO app to be configured in the OAuth Provider
  • Login to Github : Go to Github Developer and login with your account. Click on settings.
    • OAuth/OpenID/OIDC Single Sign On (SSO), GitHub SSO Login Setup GitHub
  • Select Developer Settings.
    • OAuth/OpenID/OIDC Single Sign On (SSO), GitHub SSO Login Developer settings
  • Create App : Select OAuth Apps and click on Register a new application button.
    • OAuth/OpenID/OIDC Single Sign On (SSO), GitHub SSO Login Create App
  • Enter app credentials : Enter app name, plugin homepage URL. Copy callback URL from the plugin and paste it under Authorized callback URL field.
    • OAuth/OpenID/OIDC Single Sign On (SSO), GitHub SSO Login Enter app credentials
  • Copy Client ID and Client Secret.
    • OAuth/OpenID/OIDC Single Sign On (SSO), GitHub SSO Login Client ID
  • This step is optional. Follow this step if the email is returned as null while further configuring the plugin. Go to profile and set public email.
  • If Public Email field is disabled, go to Emails and uncheck the option Keep my email addresses private.
    • github_emails_tab

Step 2. Set up SSO between Atlassian Guard and miniOrange

  • In the next window, you’ll find the Plugin Metadata details.
  • Copy IDP Entity ID, IDP SSO URL, and IDP Public X.509 Certificate and keep it handy. You’ll need these to configure the Identity Provider in the Atlassian Guard.
  • Open the Atlassian Admin Console and go to the Security tab.

Note: In case you manage multiple organizations, you’ll have to select the intended one after accessing the admin console.

  • Click on Identity providers and select Other provider.
    • On the Atlassian admin dashboard, under the Security tab in the Identity providers section with the Other provider option highlighted.
  • Provide an appropriate name, select Set up SAML Single Sign-On, and click Next.
  • Now, paste the IDP Entity ID, IDP SSO URL, and Public X.509 Certificate that you copied from the plugin configuration.
    • Copy SAML details from mO Jira OAuth/OIDC SSO app and configure it on Atlassian Guard under the add SAML details section
  • Click Next and copy the Service Provider Entity ID and Service Provider Assertion Consumer Service URL. Keep these handy as they’re required to complete the plugin configuration.
  • Complete the rest of the Atlassian Guard configuration.
  • Once you’re done, return to the plugin configuration page, go to the SAML IDP Metadata tab, and click Next.
  • Enter the SP Entity ID and Assertion Consumer Service (ACS) URL that you copied, and click Next.
    • SAML SP configuration section in mO Jira OAuth/OIDC SSO app, where SP details are copied from Atlassian Guard

Step 3: Configure SSO Authentication Policy

Once all the SSO Configurations are done, you need to add users to the Authentication Policy and enforce Single Sign-On.

Follow these steps:

  • Log in to Atlassian Cloud Admin Console, and go to the Security tab.
  • Under the Authentication Policies section, find the respective SSO policy and click Edit.
  • Select the checkbox for Enforce single sign-on option, then go to the Members section and add the new users to the policy.
If you encounter any difficulties configuring miniOrange add-ons, please contact us at atlassiansupport@xecurify.com or raise a support ticket here.
OAuth Saml App

Did this page help you?

miniOrange Atlassian Contact Us

Book a Free Consultation with
Our Experts Today!

Schedule a call now!


Contact Us