Single Sign On For Starbucks
miniOrange + Starbucks
External User Management through Jira Single Sign-On (SSO)
Use Case - Managing external users and their access level using SAML Single Sign-On
Starbucks was looking for a product that can differentiate between internal and external users at the time of Single Sign-On (SSO). There is no such product available in the Atlassian marketplace.
Being our existing client, Starbucks contacted us with the query of assigning different privileges to external users and their internal employees at the time of Single Sign-On. User Management maintains whole control over their external user (like partners, customers, and suppliers) access and reduces the need of tech support. Several users log into Starbucks’ service portal daily, which includes their external customers and internal employees of the organization. For managing these users, they wanted an easy and secure way to categorize them as internal and external users.
Solutions we provided to Starbuck:
miniOrange configured Jira SAML Single Sign On (SSO) plugin, external user management can be performed by assigning different default groups to internal and external users. These groups in Jira would eventually control the permissions and privileges provided to these users.
To differentiate the internal user from the external user, the plugin uses the domain of their email address. The administrator can assign different default groups to different domains. When a user logs into the Starbucks service portal, based on the domains configured, the plugin decides if the user is internal or external. Based on this domain, they will be assigned to their respective default groups.
Hence, managing users becomes easy and different user permissions can be assigned to users based on their groups. Being a software security company we know the importance of organization securities and hence build quality products for our clients along with world-class support.
How does it work?
miniOrange SAML Jira Single Sign On (SSO) Add-On acts as a SAML Service Provider which can be configured to establish the trust between the Jira and a SAML capable Identity Provider. After SSO authentication, the system checks the domains of all users and assigns the default groups. Whenever a user tries to login into the system, it performs SSO and after successful authentication of the user, the email domain of the user is identified to check whether the user is an internal user of the organization or an external user depending on which the respective group is assigned to the user. Other than configured domains, all other domains are treated as external user domains. User groups for internal and external users are created by the administrator in Jira (Such groups can be given different access privileges for using the system).
Our Jira SAML Single Sign on provides the best SSO features - an add-on that works with all Identity Providers. Enable users to sign in to the application with your Identity Provider. We support all known providers - Google Apps, ADFS, Azure AD, Okta, OneLogin, Salesforce, Shibboleth, SimpleSAMLphp, OpenAM, Centrify, Ping, RSA, IBM, Oracle, Bitium, WSO2, NetIQ, miniOrange, etc.
Key benefits of the solution to Starbucks :
- Segregation of internal and external users based on email domain allows user and group management.
- No need to buy different User Group Management plugin for managing the user groups.
- Groups are automatically assigned to users based on their email domain at the time of SSO.
- This made environmental setup easy to enforce additional security layers like 2FA on top of user authentication.
In conclusion, marketplaces have many products according to business needs. For Starbucks, our product proved to be the best. What about you? Which product is best for you?