How KPMG Secured Atlassian Applications with Azure AD and miniOrange

• Enable centralized Single Sign-On (SSO) for Atlassian applications using Azure AD
• Secure API access by enforcing Azure token validation for both public and private endpoints
• Simplify onboarding by integrating with their centralized LDAP directory for automatic permission assignment
• Unify access management across browser logins and API calls for stronger compliance and governance

Without a consolidated solution, KPMG risked inconsistent access policies, higher administrative workload, and potential security gaps between browser and API access points.

Centralized Authentication, API Security, and LDAP Onboarding in Jira, Confluence, and Bitbucket

Here’s how the solution worked:

• OAuth SSO with Azure AD: Users logging into Atlassian apps were authenticated through Azure AD using the miniOrange OAuth plugin. This ensured all browser-based access was controlled by a single, centralized identity provider.
• REST API Authentication with Azure Tokens: API requests to Confluence were secured by validating Azure AD tokens. This prevented unauthorized users from accessing sensitive data via public or private APIs.
• LDAP Integration for Onboarding: To streamline new user management, miniOrange integrated KPMG’s scripted calls with their centralized LDAP. When a new employee was onboarded, permissions were automatically assigned and synced with Jira, Confluence, and Bitbucket.
• Unified Access Control: By combining browser-level and API-level authentication, miniOrange helped KPMG maintain consistent access policies across all entry points into their Atlassian ecosystem.

Success Outcome: Stronger Security and Smoother Workflows

The miniOrange solution gave KPMG exactly what they needed, robust, centralized authentication tied to Azure AD, with automation that reduced administrative burden.

With miniOrange, KPMG was able to: