How Merck Group Simplified SSO and User Access with miniOrange
Merck Group, a global leader in pharmaceuticals and life sciences with over 65,000 employees, faced challenges providing secure and cost-effective access to Confluence and Jira for a diverse set of users. Using miniOrange’s SAML SSO solutions, they enabled seamless authentication, secure guest access, and multi-base URL Jira support—saving costs and strengthening security across their Atlassian ecosystem.
Merck Group Business Challenge
Merck Group faced two key challenges: providing secure, license-free Confluence access for guest users without exposing content publicly, and enabling seamless SSO that redirected users to the correct Jira base URL based on their entry point.
Challenge 1: Secure, Cost-Effective Access for Licensed and Guest Users
Merck Group needed to grant Confluence access to unlicensed and guest users without buying costly licenses or exposing pages publicly. They wanted to maintain tight control and security while enabling guest user collaboration.
Challenge 2: Managing Multiple Jira Base URLs with Seamless SSO
Merck’s single Jira instance was accessed via two different base URLs for different user sets. They required users to authenticate via SSO and be redirected back to their respective URLs automatically, without requiring manual intervention or IdP adjustments.
How miniOrange Helped Solve Merck Group’s Challenges
miniOrange addressed both challenges by customizing its SAML SSO plugin to enable secure, license-free guest access in Confluence via Merck’s IdP, and by adding multi-ACS URL support in Jira to deliver seamless SSO with automatic redirection to the correct base URL.
Enabling Secure Guest Access in Confluence
miniOrange customized its SAML SSO plugin to allow guest users to authenticate via Merck’s Identity Provider (IdP) before accessing designated public Confluence spaces. This enabled secure guest access without purchasing additional licenses or exposing pages globally.
Supporting Multiple Jira Base URLs with SAML
miniOrange developed support for multiple Assertion Consumer Service (ACS) URLs within Jira and configured separate Azure AD apps corresponding to each Jira base URL. This allowed seamless SSO authentication and automatic redirection to the correct Jira instance URL without extra IdP configuration.
Success Outcome: Secure Access and Cost Savings Without Compromise
Merck Group gained:
- Cost Savings: Avoided costly licensing fees by enabling controlled guest user access in Confluence.
- Enhanced Security: Ensured guest and licensed users authenticated securely through the IdP, protecting sensitive content.
- Seamless User Experience: Provided smooth SSO login and correct post-login redirection for Jira users across multiple URLs.
- Simplified User Management: Efficiently managed guest, inactive, and licensed users without manual provisioning overhead.
Results & Business Impact
- Substantial License Savings: Guest users no longer required costly Confluence licenses.
- Stronger Security Controls: Authentication gated via IdP ensured only authorized access.
- Improved Jira Usability: Users redirected correctly based on their base URL, reducing login confusion.
- Operational Efficiency: Reduced admin workload with automated provisioning and SSO management.
About Merck Group
Merck Group is a global healthcare and life sciences company providing a wide portfolio of products and services to support researchers and pharmaceutical manufacturing. With over 65,000 employees worldwide, Merck relies on robust and secure IT infrastructure to enable collaboration while protecting sensitive data.