How Canon Simplified Domain-Based SSO and Git Authentication for External AD Users with miniOrange
Canon Inc., a global leader in imaging and optical technology, needed to simplify access and streamline authentication across its Atlassian ecosystem. With users spread across multiple Identity Providers (IdPs) and Active Directory environments, Canon aimed to implement domain-based login flows and secure Git operations via AD credentials. miniOrange delivered a tailored solution that eliminated user friction, enhanced security, and enabled seamless Git authentication, all while maintaining centralized control.
Business Challenge
Canon needed to streamline user authentication across multiple IdPs and external Active Directory environments.
Unified Login Flows Across Diverse Identity Providers
Canon relies on Jira, Confluence, and Bitbucket to drive global software development and internal collaboration. With users managed across multiple Identity Providers, Canon had two primary requirements:
1: Domain-Based Login for Jira, Confluence, and Bitbucket
- Users belonged to different organizations, each with its own Identity Provider.
- Canon wanted users to log in simply by entering their email address, without needing to select their Identity Provider manually from the login screen.
- The login flow needed to automatically detect the user’s domain and redirect them to the appropriate IdP for authentication.
2: Git Authentication for External AD Users
- Developers authenticated through an external Active Directory (AD) needed to perform Git operations (e.g., push/pull) in Bitbucket.
- Canon required a secure method to map Git credentials to AD accounts, ensuring that developers could use familiar credentials without additional configuration or SSH keys.
How miniOrange Helped
By intelligently routing users based on email domains and enabling credential-based Git access, Canon achieved a smoother user experience and tighter integration across its Atlassian tools.
Custom SSO Flows and Seamless Git Authentication
miniOrange provided a dual-solution approach to address Canon’s requirements with precision.
1: Domain-Based SSO Redirection
By default, miniOrange allows SSO via selectable login buttons for each Identity Provider. However, this approach wasn’t ideal for Canon’s large, diverse user base. Instead, miniOrange delivered a custom domain-based login experience:
- A custom login form was created, allowing users to enter their email address.
- The backend automatically parsed the domain from the email and identified the correct Identity Provider.
- Users were then redirected to the appropriate IdP for SAML-based authentication, without any manual IdP selection.
This seamless redirection flow dramatically improved the user experience while maintaining robust security standards.
2: Git Authentication via External Active Directory
To allow secure Git operations for developers managed in an external AD, miniOrange implemented the Git Authentication feature as part of its SAML SSO plugin for Bitbucket.
- When a user attempts a Git operation (push/pull), a credential prompt appears via their Git client.
- miniOrange validates the credentials:
- If the user exists in the configured IdP (AD), authentication is handled there.
- If not, miniOrange checks Bitbucket’s internal directories.
- If the credentials are valid, the user is authenticated and the Git operation proceeds.
- If authentication fails, the operation is aborted for security.
This approach allowed developers to use either their AD or Bitbucket credentials without needing SSH key configuration.
Success Outcome: Frictionless Logins and Developer-Friendly Git Operations
Canon successfully implemented intelligent authentication workflows across their Atlassian environment. The solutions provided by miniOrange allowed:
- Domain-aware redirection without requiring users to know or choose their IdP.
- Git operations with flexible credential support, ensuring continuity for external AD users.
- A secure, centralized authentication architecture with minimal user intervention.
Results & Business Impact
- Zero-Touch SSO Routing: Users automatically redirected to their appropriate IdP based on email domain, no SSO button selection required.
- Faster Developer Workflows: Git push/pull operations authenticated securely using familiar credentials.
- No SSH Key Dependencies: Users could authenticate via simple credential prompts, avoiding the complexity of SSH key management.
- Enhanced Security Posture: Login page restricted to Jira/Confluence admins only; backend domain validation minimized attack surface.
- Scalable Design: Easily extended to accommodate new domains or Identity Providers in the future.
About Canon Inc.
Headquartered in Tokyo, Japan, Canon Inc. is a globally renowned manufacturer of imaging and optical products, including cameras, lenses, medical devices, printers, and industrial equipment. With operations in over 180 countries, Canon continues to lead innovation across imaging, digital manufacturing, and precision technologies.