Modern healthcare organizations are no longer just a single hospital building. You may operate multiple hospitals, outpatient clinics, specialty centers, laboratories, imaging facilities, and administrative offices.
On top of that, you work closely with insurance providers, medical equipment vendors, third-party service providers, and affiliated physician networks.
Jira Service Management (JSM) is an effective platform to manage service requests across these groups. IT support, medical device maintenance, facilities management, application access requests, procurement requests, and vendor support can all be delivered through JSM customer portals. But it's not without its limitations.
How do you provide secure portal access to thousands of users spread across different organizations and manage them as portal-only customers when they all use different domains?
This is where Single Sign-On (SSO) for JSM customer portals becomes valuable.
In this blog, we'll explore how the miniOrange SAML/OAuth SSO for JSM Customers app helps healthcare organizations simplify access management while improving security and operational efficiency.
The Challenges of Multi-Branch Healthcare Portals
When managing an enterprise healthcare ecosystem, users are not uniform. They do not share the same email domain, and they certainly do not use the same login system. But they want to authenticate through their existing identity systems. This makes identity management and SSO a challenge.
1. Single IdP Roadblock
Your internal hospital staff might use Microsoft Entra ID. An acquired outpatient clinic might still be on Okta. Meanwhile, your external insurance partners use Google Workspace or Ping Identity.
Atlassian's native customer portal SSO capabilities require Atlassian Guard, which only allows you to connect a single Identity Provider (IdP) for portal-only customers.
If your healthcare business deals with multiple external insurance systems, distinct hospital networks, or partner clinics, each using a different IdP, the Atlassian Guard Standard plan may not meet these requirements. You have to opt for the Enterprise plan, which costs more than double. And expecting external vendors to migrate to your identity provider simply to access a service portal is a pipe dream.
2. Lack of Native OAuth/OIDC Support
Atlassian Guard's customer portal SSO only supports SAML 2.0. It does not support OAuth or OIDC. Healthcare enterprises increasingly rely on modern identity platforms and customer IdPs that use OAuth 2.0 or OpenID Connect rather than SAML alone. If your partner networks rely on OAuth apps, you are out of luck.
3. Managing Access Across Departments
Different healthcare departments frequently require separate service portals, such as biomedical engineering teams or clinical application support teams. Not every user should have access to every portal. Managing access manually becomes difficult as organizations grow.
How SAML/OAuth SSO for JSM Customers Solves the Problem
The miniOrange SAML/OAuth SSO for JSM Customers app enables healthcare organizations to authenticate portal users through their existing IdPs.
Instead of creating separate Jira credentials, users simply log in using the identity they already use.
Here is how it solves your healthcare delivery challenges:
Support for Multiple IdPs
The miniOrange SAML/OAuth SSO for JSM Customers app allows you to configure multiple IdPs. You can accommodate diverse authentication environments without forcing every user into a single identity platform.
This is especially useful after mergers and acquisitions. Newly acquired hospitals and clinics can maintain separate identity systems, while you can still manage centralized portal access.
Granular Portal Access and Automated Mapping
If you have multiple hospitals across the globe with different portals—or specialized portals for pediatric care, oncology, general billing, and more—this feature helps you restrict access to specific portals based on IdP groups or JSM Organizations.
When a user authenticates, the app reads their IdP attributes. It can automatically map them to specific JSM Organizations based on their email domain or department assignments.
Native Support for OAuth and OIDC
With miniOrange, you can connect OAuth/OIDC IdPs straight to JSM. The app automatically redirects users based on their email domain for a seamless, zero-friction login experience.
Stronger Security With MFA
If your IdPs don't have multi-factor authentication enforced for certain external tiers, miniOrange provides its own built-in, in-house MFA. You can enforce TOTP, push notifications, or hardware tokens right at the login step. This adds an additional layer of protection for sensitive workflows and helps reduce the risk of unauthorized access.
Dynamic User Attribute Mapping
Medical personnel are incredibly busy. They shouldn't be spending time filling out forms.
With miniOrange, user information from the IdP can be mapped directly into Jira custom fields. This allows you to automatically populate information such as:
- Department
- Branch location
- Employee ID
- Job role
- Business unit
When a nurse opens a ticket to report a broken device, their facility details are already populated, ensuring faster resolution times and fewer manual errors.
Better Compliance
By using miniOrange to enforce SSO or MFA, you get a clearer record of who accessed the portal and when they authenticated. This helps support auditability and compliance initiatives.
Having a centralized and auditable authentication trail can simplify reporting for healthcare organizations that regularly undergo reviews and audits.
Conclusion
By deploying the miniOrange SAML/OAuth SSO for JSM Customers app, you simplify portal authentication and improve access security across distributed teams.
For your users: They get single-click access to the exact service desks they need using their existing credentials.
For your IT team: You automate organization mapping, strengthen access controls, and simplify user administration.
All in all, you avoid massive Atlassian Guard line items, allowing you to allocate those IT budget dollars back to patient care and clinical innovation.
Get the miniOrange SAML/OAuth SSO for JSM Customers app on the Atlassian Marketplace →
Frequently Asked Questions
1. What is SSO for Jira Service Management customer portals?
SSO for Jira Service Management customer portals allows users, such as caregivers, insurance partners, or clinic staff, to log in using an existing identity provider instead of creating separate Jira credentials.
2. Does Atlassian Guard support SSO for Jira Service Management portal-only customers?
Atlassian Guard provides customer portal SSO capabilities but requires Atlassian Guard licensing and currently supports only a single identity provider for customer portal authentication in the Standard plan. This is where the miniOrange SAML/OAuth SSO for JSM Customers app helps connect multiple IdPs and provides extended functionality.
3. Can customers log in using Google, Microsoft, Okta, or other identity providers?
Yes. With the miniOrange SAML/OAuth SSO for JSM Customers app, customers can authenticate through providers such as Google, Microsoft Entra ID, Okta, Azure AD B2C, Auth0, Keycloak, and other SAML, OAuth, or OpenID Connect (OIDC) providers.
4. Can healthcare organizations enforce multi-factor authentication for employees, contractors, and partner organizations?
Yes. MFA can be enforced through the identity provider or through the miniOrange in-house solution.
5. Does implementing SSO require customers to create new accounts? No. Customers can continue using identities they already have with their healthcare provider, partner organization, or preferred identity platform, depending on the deployment model.



Leave a Comment