How KPMG Secured Atlassian Applications with Azure AD and miniOrange
KPMG, one of the world’s leading professional services firms, strengthened authentication and access control across Jira, Confluence, and Bitbucket using miniOrange’s OAuth SSO and REST API Authentication apps. The solution centralized authentication through Azure AD, streamlined onboarding with LDAP integration, and enforced token-based API security, ensuring a unified, secure, and efficient user experience.
KPMG’s Business Challenge
KPMG needed a way to centralize authentication and enforce tighter access control across its Atlassian ecosystem while reducing the overhead of manual user provisioning.
Managing Authentication and API Security Across Atlassian: KPMG’s Challenge
As a global organization with thousands of active users across Jira, Confluence, and Bitbucket, KPMG wanted a single, reliable solution to:
- Enable centralized Single Sign-On (SSO) for Atlassian applications using Azure AD
- Secure API access by enforcing Azure token validation for both public and private endpoints
- Simplify onboarding by integrating with their centralized LDAP directory for automatic permission assignment
- Unify access management across browser logins and API calls for stronger compliance and governance
Without a consolidated solution, KPMG risked inconsistent access policies, higher administrative workload, and potential security gaps between browser and API access points.
How miniOrange Helped Solve KPMG’s Challenge
miniOrange delivered a combined solution using its OAuth SSO and REST API Authentication plugins, with additional LDAP integration for automated provisioning.
Centralized Authentication, API Security, and LDAP Onboarding in Jira, Confluence, and Bitbucket
Here’s how the solution worked:
- OAuth SSO with Azure AD: Users logging into Atlassian apps were authenticated through Azure AD using the miniOrange OAuth plugin. This ensured all browser-based access was controlled by a single, centralized identity provider.
- REST API Authentication with Azure Tokens: API requests to Confluence were secured by validating Azure AD tokens. This prevented unauthorized users from accessing sensitive data via public or private APIs.
- LDAP Integration for Onboarding: To streamline new user management, miniOrange integrated KPMG’s scripted calls with their centralized LDAP. When a new employee was onboarded, permissions were automatically assigned and synced with Jira, Confluence, and Bitbucket.
- Unified Access Control: By combining browser-level and API-level authentication, miniOrange helped KPMG maintain consistent access policies across all entry points into their Atlassian ecosystem.
Success Outcome: Stronger Security and Smoother Workflows
The miniOrange solution gave KPMG exactly what they needed: robust, centralized authentication tied to Azure AD, with automation that reduced administrative burden.
With miniOrange, KPMG was able to:
- Enforce centralized SSO across Jira, Confluence, and Bitbucket
- Block unauthorized API access by requiring Azure AD tokens
- Automate user onboarding and permission sync via LDAP integration
- Improve user experience with a consistent, seamless login flow across all apps
About KPMG
KPMG is a global network of professional services firms providing audit, tax, and advisory services. With operations in 145 countries and more than 270,000 professionals, KPMG helps organizations navigate complex business challenges with trust, innovation, and insight.