How Avalon Healthcare Enabled Selective SSO for Jira Service Management Customers with miniOrange
Avalon Healthcare Solutions streamlined external user authentication on its Jira Service Management (JSM) Cloud portal using miniOrange’s SAML/OAuth SSO for JSM Customers. By enabling SSO with Okta for specific users, while allowing others to continue with standard login, Avalon achieved flexible access control without the limitations of Atlassian Guard.
Avalon Healthcare's Business Challenge
Enabling SSO for Selected External Users Without Affecting Others
After migrating from Atlassian Data Center to Cloud, Avalon Healthcare needed to modernize authentication for its external users.
Their environment included:
- A large base of ~2,500 external users using standard login
- A smaller group of 30–50 users requiring SSO via Okta (SAML)
The key challenge was balancing these two user groups. Avalon needed a solution that could:
- Enable SSO for only a subset of external users
- Allow the remaining users to continue using manual login
- Avoid enforcing SSO across all users at the organization/domain level
- Reduce manual overhead in managing access and authentication
However, Atlassian Guard enforces SSO at a domain or organization level, making it impossible to apply SSO for external users. Avalon Healthcare required a more flexible approach tailored to its business needs.
How miniOrange Helped Solve Avalon Healthcare's Challenge
miniOrange enabled Avalon Healthcare to implement flexible SSO through Okta while maintaining separate authentication experiences for different external user groups.
Enabling Flexible SSO with Okta
miniOrange implemented SAML/OAuth SSO for JSM Customers, allowing Avalon to integrate Jira Service Management with Okta using SAML, while maintaining flexibility in authentication flows.
Selective SSO for External Users
The solution enabled Avalon to enforce SSO only for selected external users while allowing all other users to continue with default Jira login. This was achieved through the following capabilities of the miniOrange SAML/OAuth SSO for JSM Customers solution:
- Organization Mapping — Automatically assigning users to the appropriate Jira Service Management organizations based on defined rules.
- Portal Access Mapping — Restricting access to specific portals depending on user organization and IdP groups.
- Default Organization Sharing — When enabled, the customer's organization is automatically selected while raising a request.
- Customized Sort and Filter — Added tailored sorting and filtering options on the customer portal.
These capabilities ensured that users had accurate and controlled access without requiring manual intervention from administrators.
Success Outcome: Flexible Authentication Without Compromising Security
With miniOrange, Avalon Healthcare successfully implemented a tailored authentication strategy that met its unique requirements.
With miniOrange, Avalon was able to:
- Enable selective SSO for specific external users via Okta
- Maintain default login for the majority of users
- Reduce manual effort in managing external user access
- Improve access control using automated organization and portal mapping and enhance overall security posture
- Provide a consistent and reliable login experience for all users
- Ease user experience with default organization sharing such that a user's organization is automatically selected
- Enhance portal usability with customized sort and filter
About Avalon Healthcare Solutions
Avalon Healthcare Solutions is a healthcare technology company focused on improving clinical outcomes and optimizing healthcare delivery through advanced analytics and evidence-based solutions. With a strong emphasis on innovation and efficiency, Avalon leverages secure digital platforms to support its operations and partner ecosystem.