How Starbucks Simplified Jira Service Portal Access with miniOrange
Starbucks, the world’s leading coffeehouse chain, optimized access management on its Jira Service Management (JSM) portal using miniOrange’s SAML Single Sign-On app. The solution enabled seamless authentication while automatically segregating internal employees and external users, reducing IT workload and ensuring the right level of access for every user type.
Starbucks Business Challenge
Starbucks needed a scalable way to securely manage SSO access for both internal and external users across its Jira Service Portal, with role-based controls and minimal admin overhead.
Managing SSO Access for Mixed User Groups in Jira: Starbucks' Challenge
As a globally recognized brand with thousands of daily logins to its Jira Service Portal, Starbucks needed a secure and efficient solution to manage access for both internal employees and external users, including partners, customers, and suppliers.
They required the ability to:
- Differentiate between internal and external users during Single Sign-On (SSO)
- Assign different access privileges based on the type of the user
- Reduce reliance on technical support for user management
- Securely manage a large number of daily logins from mixed user groups
Starbucks, an existing miniOrange customer, approached us for a solution to this complex Atlassian ecosystem use case. At the time, no product in the marketplace offered the kind of granularity required to solve this challenge.
How miniOrange Helped Solve Starbucks’ Challenge
miniOrange enabled automated domain-based user segregation within the miniOrange SAML SSO app for Jira, giving Starbucks precise access control for internal and external users, without manual provisioning.
Automating User Segregation in Jira with Domain-Based SSO Rules
To solve this complex access management challenge, miniOrange implemented a clever solution using its Jira SAML Single Sign-On.
We enabled domain-based user segregation, allowing Starbucks to automatically identify whether the person logging in is an internal employee or an external user, removing the need for manual classification or provisioning.
The miniOrange SSO app functions as a SAML Service Provider, allowing Jira to securely integrate with any SAML-compliant Identity Provider (IdP). After a user successfully authenticates via SSO, the system checks their email domain to determine whether they are an internal employee or an external user.
Based on this domain check:
- Users are automatically assigned to default groups configured by the Jira administrator
- Domains mapped as internal redirect users to internal access groups
- All other domains are treated as external and the associated users are redirected accordingly
These groups can be customized with specific permissions and access levels, allowing organizations to enforce precise access control policies without manual intervention.
Because the miniOrange SAML SSO app is compatible with all major Identity Providers, it allowed Starbucks to integrate seamlessly into their enterprise environment.
Success Outcome: Secure, Segmented Access Without Manual Overhead
Our solution allowed Starbucks to securely manage thousands of users, eliminate manual group assignment, and enforce role-based access policies at scale, all without needing any additional marketplace apps or manual provisioning tools.
With miniOrange, Starbucks was able to:
- Instantly recognize and separate internal employees and external users during authentication
- Assign users custom default groups based on their domain to have granular control over access levels without manual intervention
- Fully automate user onboarding, requiring no admin input each time someone logged in
- Add an extra layer of security by treating any unrecognized domain as external by default
By turning a previously unavailable feature into a seamless, integrated workflow, miniOrange helped Starbucks modernize access control across their Atlassian ecosystem without causing any disruption to end users.
Results & Business Impact
The implementation of miniOrange SSO resulted in several measurable and qualitative improvements:
- Faster Internal Support: With smoother access to JSM, internal teams could raise and resolve issues faster
- Fewer Login Issues: Reduced reliance on password resets led to a noticeable drop in IT support requests
- Improved Security Posture: Centralized login with domain restrictions reduced the risk of unauthorized access
- High User Adoption: The intuitive login flow encouraged greater platform engagement from internal users
By turning a previously unavailable feature into a seamless, integrated workflow, miniOrange helped Starbucks modernize access control across their Atlassian ecosystem without causing any disruption to end users.
About Starbucks
Starbucks is the world’s leading coffeehouse chain, operating over 38,000 stores in more than 80 countries. Known for its commitment to quality, innovation, and customer experience, Starbucks continues to set industry standards across retail, supply chain, and digital engagement. With a large global workforce and an extensive partner ecosystem, Starbucks relies on secure, scalable technology to support its internal operations and service delivery.