Single Sign-On for Canon

Single Sign-On for Canon

miniOrange + Canon

miniOrange SAML SSO app: Single Sign On and Git Authentication makes login experience hassle-free

Canon Inc. is a Japanese multinational corporation headquartered in Ōta, Tokyo, Japan, specializing in optical, imaging, and industrial products, such as lenses, cameras, medical equipment, scanners, printers, and semiconductor manufacturing equipment.
Canon uses multiple Atlassian applications to improve software development, project management, collaboration, and code quality. So to make the user experience seamless and smooth, they approached us with the below requirements.

  • Login users with domain names.
  • Git Login for External AD Users.

Use case 1: Manage users based on domains.

User identities are stored in multiple Identity Providers, and all these users want to login into Jira, Confluence, and Bitbucket applications.
Each of the Identity Providers has a specific user domain. They wanted a hassle-free login where users do not need to select options during login.

Solutions we provided to Canon:

Generally, we provide SSO buttons on the login page if multiple Identity Providers are configured for SSO in the miniOrange plugin. Any user can click on the SSO button and get authenticated against Identity Providers and access Jira or Confluence applications. But in Canon's case, this approach wouldn't be suitable. So we designed a custom login form where users can enter their email address and implemented a way to check domains in the backend and then get users redirected to the appropriate IDP for authentication. So the users do not have to use the IDP selection for login.

Key benefits of the solution to Canon:

  • Easy to Configure: You just need to add domain names against configured IDPs and you are good to go.
  • Smooth User Experience: Users don't have to choose the SSO button during login. Instead, they only need to enter their email address on a custom login screen and they will automatically get redirected to the respective IDP login page for authentication. It completely removes the IDP selection while login and makes the user experience hassle-free.
  • Improves Security: The login page will be accessible to system admins only which exists only in the internal directory of the Jira andConfluence applications, hence increasing overall security.

Use case 2: Git Login for External AD user.

Users are synced from the External AD directory into Bitbucket for Authentication. They're looking for a way to help developers get authenticated to perform the git operations like push and pull into Bitbucket Repositories using the AD credentials.

Solution: miniOrange Git Authentication feature.

We suggested the Git Authentication feature as a solution. This feature is implemented in the SAML SSO add-on to make its setup easy. This solution helped their users get authenticated from the synced External AD to perform Git operations. Whenever a user tries to perform a Git operation, a pop-up is shown to enter their credentials on any git client application. These credentials are submitted to Bitbucket for user verification and to perform the requested operation. The part of user verification is handled by miniOrange git authentication. Firstly the credentials are verified with the IDP if the user is not present in the IDP, then the plugin verifies if these credentials are valid for any Bitbucket directory user. If the user is invalid then the flow is aborted, else the flow is handed over to Bitbucket to complete the requested operation.

Key benefits of this solution to Canon:

  • Easy to Setup: Minimal IDP configurations for Git Login and users are ready to practice Git authentication.
  • Ease Of Access: Users can use any set of login, either IDP credentials or Bitbucket credentials for Git Authentication. Also, this helps to avoid the complexities of the SSH key.
  • Git Authentication for All: Any user can perform Git Login stored in an internal directory or external directory. miniOrange Git Authentication plugin takes care of the authentication part so well.

For Canon, our product proved to be the best. What about you? If you don’t find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387 to find an answer to your question about Single Sign-On(SSO).