SSO for JSM Customers using Google Apps as OAuth Provider

Our SAML/OAuth SSO for JSM Customers app offers the functionality to seamlessly integrate OAuth/OpenID Single Sign-On into the JSM customer portal, ensuring compatibility with all OAuth/OpenID Providers. This guide will outline the steps for configuring SSO between the JSM customer portal and your OAuth/OpenID Provider. By following these instructions, customers will undergo authentication via your OAuth/OpenID Provider prior to accessing the JSM customer portal. This integration facilitates a smooth customer experience while also mitigating spam ticket.

Try it for free

Download and Installation

Log into your Jira instance as an admin.
Navigate to the settings and Click on Apps.
Locate SAML/OAuth SSO for JSM Customers.
Click on free trial to begin a new trial SAML/OAuth SSO for JSM Customers.
On menu bar click on Apps. Locate SAML/OAuth SSO for JSM Customers .

Step 1: Set Up Google Apps as OAuth Provider

Login to Google Console: Visit the Google's Developer Console and login to your account.
Click Select a project, then NEW PROJECT, and enter a name for the project, and optionally, edit the provided project ID. Then click on Create button.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Setup Google app

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login NEW PROJECT

Select your project, click on APIs & Services and select OAuth consent screen option.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login OAuth Consent Screen

On the Consent screen page, select the User Type and click on Create. In the next screen, provide Application name and save the changes.
Now go to Credentials, click on Create Credentials and select OAuth Client ID.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Create credentials

Select Web Application as application type.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Application type

Click on the Add URI button in Authorized redirect URIs section. Collect the callback URL provided in the plugin and enter it here. Click on Create.
The callback URL would be {oauth_client_base_url}/plugins/servlet/oauth/callback

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Redirect URI

Get Client ID and Client Secret: Copy the client ID and Client Secret to your clipboard, as you will need them when you configure miniOrange plugin.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Get Client ID

To send user's group to the client application, you need to enable Admin SDK and API access. For Admin SDK, navigate to the Dashboard and click on ENABLE APIS AND SERVICES.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Enable APIS and Services

Now search for Admin SDK, select it from the list and then click on ENABLE button.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Admin SDK

To enable API Access you need to login into Google Admin console. In Google Admin Console, go to Security ->Settings.

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login Security ->Settings

Look for API Permissions -> Enable API access

OAuth/OpenID/OIDC Single Sign On (SSO), Google Apps SSO Login API reference

Step 2: Setup JSM as OAuth Client

Go to the Manage Apps -> click Getting started under SSO Integration with Helpdesk then click on the Add New Identity Provider.

SSO for JSM Customers using Google Apps as OAuth Provider | add identity provider

Select OAuth/OIDC and click on the next button.

SSO for JSM Customers using Google Apps as OAuth Provider | select protocol

Select Google Apps from the Selected Application dropdown menu.
Enter Client ID, Client Secret and scope as email. And if you also want to fetch group info of the users then enter email https://www.googleapis.com/auth/admin.directory.group.readonly in the scope field.

SSO for JSM Customers using Google Apps as OAuth Provider | verify details

Verify the Google Administrator Account : For fetching the user groups from Google, you need to verify your Google Administrator's account . After saving all the details in the SSO Configuration tab, you will be redirected to a page listing all configured identity providers.
Click on Edit button in front of app configured for Google Apps.
You will be again redirected to the configured Google OAuth app.
Click on Verify Admin Credentials.

NOTE: You need to login with your Google Administrator's account in this step. If you login with an user account, groups will not be fetched from Google.

If you are unable to fetch Groups then Go to Permissions and click on REMOVE ACCESS

OAuth / OpenID Single Sign On (SSO) using Google Apps, remove access

Click on Save button and then test connection for verifying the entered details.

Step 3: User Attribute Mapping

For filtering users, navigate to the Manage Users tab, where you will find filter users by section.

Once you see all the values in Test connection, go to User Attribute Mapping. Map attributes like Email, firstname, lastname, etc. Click on Save.

SSO for JSM Customers using Azure AD as OAuth Provider | attribute mapping

Step 4: Integrate Atlassian HelpDesk with JSM SSO

Navigate to the Jira Configuration tab. Click on the Configure API Token and configure the Service Account API token with the email.

It is necessary to have admin permissions for the service account.

SSO for JSM Customers using ADFS as OAuth Provider | service account

After successful configuration of API token all the service desk projects with respective links will be displayed. These substituted links will be used by customers for accessing particular projects with SSO.

SSO for JSM Customers using ADFS as OAuth Provider | API token

Copy any of the substitute links you see for your portals and try accessing it in a private browser window. You would be automatically redirected to your Identity Provider for authentication and would be allowed access to the portal only after successful authentication.

Additional Resources

Did this page help you?