The Confluence SAML app lets you enable SAML Single Sign-On (SSO) for Confluence Software. Confluence Software is compatible with all SAML Identity Providers. This guide walks through configuring SSO between Confluence and your Identity Provider. By the end of this guide, users from your Identity Provider should be able to log in and register to Confluence Software.
To integrate your Identity Provider (IDP) with Confluence, you need the following items:
| Fields to be filled in JumpCloud | Corresponding details to be copied from the plugin |
| --- | --- |
| IdP Entity ID | Enter a unique IdP Entity ID of your choice |
| SP Entity ID | SP Entity ID / Issuer |
| ACS URL | ACS URL |
| SP Certificate | Certificate (Download the file and upload here) |
Configure Identity Provider
By Metadata URL:
By uploading Metadata XML file:
Manual Configuration:
1. IDP Name
2. IDP Entity ID
3. Single Sign On URL
4. Single Logout URL
5. X.509 Certificate
Configure Multiple Identity Providers
When a user logs into Confluence, one of the user’s attributes coming in from the IDP is used to search for the user in Confluence. This is how the user is detected in Confluence and logged in to the same account.
Quick Setup streamlines the initial configuration process by automatically handling all essential details required for a basic SSO setup. This allows you to quickly enable SSO functionality and then configure more advanced features at your own pace.
You can follow the steps provided below to initiate a Quick Setup:
2.1: Service Provider Metadata
After selecting your preferred IDP, you’ll be taken to the Service Provider (SP) Metadata section. Here, you will find the metadata that you need to provide to your IDP.
The setup gives you two ways to add this metadata to your IDP. Let’s explore these two methods in depth:
2.1.1: Importing the metadata
2.1.2: Manually adding the metadata
2.2: Configuring your Identity Provider
Let’s explore how you can configure your IDP using the metadata.
2.2.1: Custom IDP name
2.2.2: Adding the IDP metadata
Next, you can scroll down on the same page to add IDP metadata. Our plugin provides three ways for you to add your IDP metadata. You can select any one of the three methods using the corresponding dropdown list.
Let’s look at the three options individually:
2.2.2.A: I have the metadata URL for my IDP
2.2.2.B: I have a file which contains the metadata
2.2.2.C: I want to manually configure the IDP
2.2.3: Testing the configuration
2.3: User Profile
With the Identity Provider (IDP) configured, we will now set up the basic user profile attributes for your Service Provider (SP).
2.3.1: Matching a user
2.3.2: Setting profile attributes
2.4: User Groups - Default groups
2.5: Troubleshooting and Support
Here, you can review the results of a successful test configuration, including the attributes received from your IDP, the SAML request sent, and the SAML response received.
The Quick Setup method establishes basic SSO functionality for your end-users. However, you can further customize your setup by utilizing the full set of features provided by the plugin.
To access advanced configuration options:
2.1: Service Provider Metadata
If you intend to customize your IDP setup from the start, you can find the required Service Provider (SP) metadata under the SP Metadata section. It contains essential information about your SP configuration that you will need to provide to your IDP for seamless integration.
There are multiple ways to add this metadata to your IDP:
2.1.1: Importing the metadata
2.1.2: Manually add the metadata
If you wish to add the metadata manually, you will find the following information in this section. You will need to provide these details to your IDP.
2.2: Configuring Your Identity Provider
The manual setup flow allows you to dive into the complete set of configurations provided by the plugin to add a SAML IDP.
The steps to configure an IDP using the Manual Setup option are:
2.2.1: Adding IDP Metadata
There are three ways you can configure IDP settings with the information you have been given by your IDP team:
2.2.1.1: By Metadata URL
2.2.1.2: By Uploading Metadata XML File
2.2.1.3: Manual Configuration
Go to the Manual Configuration tab and enter the following details:
2.3: User Profile
2.3.1: Finding correct attributes
2.3.2: Setting profile attributes
2.3.3: Matching a user
When a user logs into Jira, one of their attributes from the IDP is used to search for their account. This enables Jira to detect the user and log them into the corresponding account.
You can configure it using the steps given below:
2.4: User Groups
Now, let's move on to configure user group attributes for Jira. This feature allows you to replicate the user groups present in your IDP within your Service Provider (SP) environment.
You can accomplish this in the following ways:
2.4.1: Setting default group
2.4.2: Finding Group Attribute
Similarly to how you identified the Attribute Names for User Profiles, you will need to locate the attribute name corresponding to group information.
Here’s how you can do this:
2.4.3: Group Mapping
Group Mapping can be done in two ways:
2.4.3.1: Manual Group Mapping
2.4.3.2: On-The-Fly Group Mapping
2.5: Troubleshooting and Support
If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.