Parallel SSO Access for Mixed Identity Sources in Atlassian
As a technology hub supporting Porsche Holding Salzburg and other Volkswagen Group companies, Porsche Informatik manages complex user identities spanning multiple systems.
Their team needed to:
- Enable users from both LDAP and a custom OAuth provider to log in via SSO
- Route users dynamically to the correct authentication source based on group membership
- Maintain a seamless login experience for all users without duplicate configurations
- Ensure compatibility with Atlassian applications like Jira and Confluence
No native Atlassian solution or marketplace app supported this level of SSO flexibility out-of-the-box. Porsche Informatik reached out to miniOrange for a tailored solution.
How miniOrange Helped Solve Porsche Informatik's Challenge
miniOrange implemented the authentication setup using its OAuth/OIDC SSO add-on, enabling secure redirection and identity-based login routing based on user groups.
Redirection Rules & Multi-SSO Setup with miniOrange OAuth/OIDC Add-On
To accommodate the use of multiple identity providers, miniOrange configured the OAuth/OIDC SSO app in both Jira and Confluence to support multiple login flows.
Here’s how it worked:
- Enable Multiple Authentication Sources: Users from both LDAP and OAuth were supported via separate SSO applications within the same plugin instance.
- Redirection Rules Based on Group: Users were redirected to their appropriate identity provider during login based on their group membership within the Atlassian application.
- Custom Group Mapping: For OAuth users, the system supported nested subgroups (beyond standard group responses), allowing advanced mapping of user roles within Jira and Confluence.
This group-based redirection allowed Porsche Informatik to control who saw the login page and who was automatically redirected to the appropriate identity provider—completely behind the scenes.
Success Outcome: Unified Access Without Login Confusion
By using miniOrange’s OAuth/OIDC SSO app, Porsche Informatik created a unified login experience across Jira and Confluence, while maintaining separate authentication paths for users based on their group identity.
The configuration empowered them to:
- Seamlessly authenticate both LDAP and OAuth users from a single login interface
- Eliminate the need for manual routing or administrative intervention
- Preserve a smooth, passwordless experience across applications
- Ensure robust, rule-based access control tied to user group logic
Results & Business Impact
The deployment of miniOrange SSO for multiple identity providers brought several operational benefits:
- Smooth Parallel Login: Users from multiple identity sources could log in without confusion or added steps.
- Reduced Admin Effort: Redirection logic replaced manual routing or multiple SSO setups.
- Enhanced Flexibility: The solution scaled across Jira and Confluence with no duplicate provisioning.
- Improved End-User Experience: Identity-based routing happened in the background, keeping login intuitive.
About Porsche Informatik
Porsche Informatik GmbH is a digital solutions and IT services provider serving Porsche Holding Salzburg and the Volkswagen Group. Specializing in mobility solutions, enterprise IT, and business-critical applications, Porsche Informatik operates at the intersection of automotive innovation and secure software delivery across 27 countries.