How Mercedes Secured Atlassian Login with miniOrange OAuth/OIDC SSO and 2FA
Mercedes-Benz Group, a global leader in automotive innovation, needed a secure way to enforce two-factor authentication (2FA) through their in-house OpenID Provider for users accessing Jira and Confluence via Single Sign-On (SSO). Since they were an existing user of miniOrange’s OAuth/OIDC Single Sign-On app, we were able to implement a quick and seamless solution that enhanced security without disrupting the user experience.
Mercedes Business Challenge
Mercedes needed a way to enforce 2FA only for Jira and Confluence SSO logins via their OpenID Provider, without disrupting other apps or user experience.
Enforcing Conditional 2FA for Atlassian SSO Without Breaking Existing Workflows
Mercedes needed to enforce two-factor authentication (2FA) specifically when users accessed Jira and Confluence via SSO, using their internal OpenID Provider. While they were already using miniOrange’s OAuth/OIDC SSO plugin to facilitate login, their goal was to trigger 2FA dynamically based on the source of the login request, without affecting other applications connected to the same provider or introducing friction into the user experience.
They had two clear requirements:
- Enforce 2FA only when users accessed Atlassian tools via SSO
- Preserve the existing login experience without interruptions or additional steps
At the time, no product in the Atlassian Marketplace provided this level of control over SSO-based authentication. As an existing miniOrange customer, Mercedes approached us for a solution tailored to this use case.
How miniOrange Helped Solve Mercedes’ Challenge
miniOrange enabled Mercedes to trigger 2FA selectively during SSO by injecting a custom acr value into the authorization request.
Smart 2FA Triggering Using Custom Parameters in OAuth SSO Flow
The miniOrange OAuth/OIDC SSO app was configured to include an additional parameter in the SSO request — a custom acr value. This value is evaluated by the OpenID Provider, which then determines whether to prompt the user for 2FA based on the acr parameter.
Here’s how the flow works:
- The administrator configures a custom acr value within the miniOrange SSO app
- This value is automatically added to the authorization request sent during SSO
- The OpenID Provider detects the acr value and enforces 2FA for the login
- Once the user completes authentication, the provider returns the response
- The miniOrange app logs the user into Jira or Confluence seamlessly
This setup allowed Mercedes to control when 2FA is triggered without modifying their Identity Provider or user flows. It strengthened security during SSO while keeping the experience frictionless.
Success Outcome: Seamless 2FA Enforcement with Zero Workflow Disruption
With this solution in place, Mercedes was able to:
- Enforce 2FA automatically during Atlassian logins
- Maintain a seamless SSO experience for end users
- Avoid manual provisioning or workflow disruptions
- Strengthen security without increasing administrative complexity
All of this was achieved without the need for additional tools, custom scripts, or infrastructure changes.
Results and Business Impact
- Stronger Security, Every Login: Two-factor authentication is now automatically enforced for all Jira and Confluence access requests, reducing the risk of unauthorized access without relying on users to opt in.
- Frictionless User Experience: End users continue to log in through their existing Identity Provider, with no additional steps or interruptions—ensuring high adoption and zero disruption.
- Simplified Admin Control: 2FA enforcement is managed entirely through a single configuration field in the miniOrange plugin, eliminating the need for custom development or complex setup.
- Scalable and IdP-Agnostic Integration: Fully compatible with any OpenID-compliant Identity Provider, the solution fits seamlessly into Mercedes’ existing infrastructure and can scale with evolving enterprise needs.
About Mercedes-Benz Group
Mercedes-Benz Group AG is a global leader in premium automotive manufacturing. Known for innovation, safety, and quality, the company serves customers in over 150 countries. With a large enterprise workforce and complex development infrastructure, Mercedes requires scalable and secure access management across its global operations.