SSO for JSM Customers using AWS Cognito as OAuth Provider

Our SAML/OAuth SSO for JSM Customers app offers the functionality to seamlessly integrate OAuth/OpenID Single Sign-On into the JSM customer portal, ensuring compatibility with all OAuth/OpenID Providers. This guide will outline the steps for configuring SSO between the JSM customer portal and your OAuth/OpenID Provider. By following these instructions, customers will undergo authentication via your OAuth/OpenID Provider prior to accessing the JSM customer portal. This integration facilitates a smooth customer experience while also mitigating spam ticket.

Try it for free

Download and Installation

Log into your Jira instance as an admin.
Navigate to the settings and Click on Apps.
Locate SAML/OAuth SSO for JSM Customers.
Click on free trial to begin a new trial SAML/OAuth SSO for JSM Customers.
On menu bar click on Apps. Locate SAML/OAuth SSO for JSM Customers .

Step 1: Setup AWS Cognito as OAuth Provider

Navigate to the SAML/OAuth for JSM Customers plugin configuration page, then go to "SSO Configurations" and copy the callback URL from the plugin and keep it handy, as you'll need it to configure AWS Cognito as the OAuth provider.

AWS Cognito Single Sign On (SSO) : Login to Amazon Console

Search for Cognito in the AWS Services search bar as shown below.

Search for Cognito in AWS Services to configure SSO

Click on Create a user pool to create a new user pool.

AWS Cognito OAuth/OpenID Single Sign On (SSO)

Enter the name of the application and choose the attributes in your user pool to be used during the sign-in process and click on save button.

Once the User Pool is created, scroll down and click on “Go to overview”.

Go to Application >> App clients, go to “Login pages” and click on Edit.

Enter “Callback URL”, which you will get from your miniOrange plugin present on your Client side and paste it under the Allowed callback URLs text-field. Also refer the following image select Identity provider as Cognito user pool & Select Authorization code grant under the OAuth 2.0 grant types and also select openid, email, phone and profile checkboxes under the OpenID Connect scopes section (Please refer to the image below) and Save the changes.

Click on the Edit button in the App client information section of your app client.

Refer to the following image for choosing the authentication flows for your app and Save the changes.

Select the relevant user pool, go to the 'Users' tab under 'User Management', and create a new user.

Enter the details such as email address & password. Click on Create user to save the details.

After successfully creating the user, you will need the Client ID, Client Secret, and Domain URL to establish the connection between the Service Provider (SP) and the Identity Provider (IdP).
To get the details, select your Current user pool, go to the Applications >> App clients and select your App client.

Copy Client ID and Client Secret.

To get the domain URL go to Branding >> Domain and copy the Domain URL.

We will need Domain URL, Client ID and Client Secret in the next step.
You have Successfully complete AWS Cognito side configuration.

Step 2: Setup JSM as OAuth Client

Go to the Manage Apps -> click Getting started under SSO Integration with Helpdesk then click on the Add New Identity Provider.

SSO for JSM Customers using Microsoft Entra ID (Previously known as Azure AD) as OAuth Provider | add identity provider

Select OAuth/OIDC and click on the next button.

SSO for JSM Customers using AWS Cognito as OAuth Provider | Select provider

Select AWS Cognito from the Selected Application dropdown menu.
Enter Client Id, client secret & AWS Cognito Domain name as {your domain name}.auth.{region name}.amazoncognito.com
Add https://{domainName}/logout?client_id={ClientID}&logout_uri={Sign out URL} in logout endpoint. This endpoint will logout you from Cognito when you logout from JSM customer portal.
Configure the scope as openid profile email.
You can also add additional scopes space separated as per the requirement.
Click on Save button and then test connection for verifying the entered details.

SSO for JSM Customers using AWS as OAuth Provider | Enter details

Step 3: User Attribute Mapping

For filtering users, navigate to the Manage Users tab, where you will find filter users by section.

Once you see all the values in Test connection, go to User Attribute Mapping. Map attributes like Email, firstname, lastname, etc. Click on Save.

SSO for JSM Customers using Azure AD as OAuth Provider | attribute mapping

Step 4: Integrate Atlassian HelpDesk with JSM SSO

Navigate to the Jira Configuration tab. Click on the Configure API Token and configure the Service Account API token with the email.

It is necessary to have admin permissions for the service account.

SSO for JSM Customers using ADFS as OAuth Provider | service account

After successful configuration of API token all the service desk projects with respective links will be displayed. These substituted links will be used by customers for accessing particular projects with SSO.

SSO for JSM Customers using ADFS as OAuth Provider | API token

Copy any of the substitute links you see for your portals and try accessing it in a private browser window. You would be automatically redirected to your Identity Provider for authentication and would be allowed access to the portal only after successful authentication.

Additional Resources

Did this page help you?