How to secure
Atlassian using CASB Solution
Secure your Atlassian with the miniOrange CASB solution to protect sensitive business information against
unauthorized user access by enabling dynamic security restrictions, deep visibility, active threat
detection, and granular access controls. In this guide, we will see how you can configure Atlassian with
CASB for your organization.
Step
1: Sign up with miniOrange CASB
Step 2: Configure your Identity Provider
- Sign in to miniOrange IAM using the same credentials as the CASB dashboard and navigate to the Apps section.
(In this guide, we are using miniOrange as the IDP, but you can contact us at proxysupport@xecurify.com to set up your preferred IDP.)
- You will see a list of all configured applications. Click Add Application to create a new one.
- Search for the Custom SAML App in the search box and click on it.
- Enter a custom application name and click on the Import SP Metadata button in the right corner.
- Add the App Name, and select the file option in SP Metadata. Next, click on the Choose File button. Select the file downloaded in Step 1 and click on Import Button.
- After the file is successfully uploaded, Click on Next Button.
- In the Attribute Mapping section, follow these steps:
- Click on the Add Attribute button.
- Enter groups as the Attribute Name and select User Groups as the Attribute Value.
- Add another attribute by clicking Add Attribute again.
- Enter fullname as the Attribute Name and select Full Name as the Attribute Value.
- Click on the Save button to apply the changes.
- Now, you will be redirected to the Applications, screen where your configured application will be listed. Click on the three dots next to the application and select the Metadata option.
- In the View IDP Metadata section, click on the copy to clipboard next to the Metadata URL to copy it.
- Return to the CASB Dashboard tab, in the Configure Authentication Source section, locate the IDP Metadata section, and click on Upload Metadata.
- In Import IDP Metadata, select Import Format as URL, add IDP Metadata url copied from miniOrange IDP, and click the Import button.
- A prompt will appear confirming that the metadata has been uploaded successfully. Click Save to finalize the configuration.
- Now, return to miniOrange IDP, click on the Users tab in the navigation menu on the left and select User List.
- In the Add User page, add the user's personal details like Email, Username, First Name, Last Name, Phone and Password and click on the Create User Button. (To add multiple users, use Bulk User Registration feature)
- Now, go to the Groups tab, select Manage Groups, and click on the Create Group button.
- In the Add Group section, enter a name for the group in the Group Name field and click on the Create Group button.
- In the Manage Groups section, search for the newly created group and click on the select button next to it. Click on Assign Users option in the dropdown.
- On the Assign Users page, follow these steps:
- select the checkbox for the user created in here.
- Click on the Select Action button and choose Assign to group.
- Click Apply to add users to the group.
- Now, return to the CASB Dashboard and click on Test Connection in the action button for the Authentication Source.
- You will be redirected to the miniOrange IDP Sign-In screen. Enter the credentials for the user added in the previous steps.
- After successful authentication, you will see a screen displaying Test Connection Details. On the left side, you will find attribute keys, and on the right side, their corresponding values.
Step 3: Configure SSO in Atlassian Admin Dashboard
- Once this is done, navigate to the Applications section from the sidebar, go to Atlassian, and click on Configure.
- In this section, open the Authentication Source dropdown, select the authentication source you created earlier, and click Save and Next.
- Now, You are redirected to Basic Settings section.
- Fill in the following details to configure the Atlassian Application:
| Application Name: |
Enter the name of your application |
| Organization Domain: |
Enter your organization's domain.
|
| Attribute Key: |
Enter the Group Attribute Key for the SSO app, which you have configured in the IDP under the SAML attribute section.
|
| Name Attribute Key: |
Enter the attribute names, such as fname, lname, etc., that you have configured in the earlier steps in the SAML Attributes section.
|
| Enter ACS URL: |
You can get the Atlassian ACS URL from the Atlassian admin dashboard.
|
| Enter Entity URL: |
You can get the Atlassian Entity URL from the Atlassian admin dashboard.
|
| Enable MDM: |
If you want to configure miniOrange MDM on your device, enable it. (This check only works with miniOrange MDM)
|
| Enable Reporting: |
If you want to monitor your users’ activities, enable it.
|
- For ACS URL and Entity URL, you need to first configure Atlassian Admin Authentication using the steps below.
- Go to admin.atlassian.com and login with your admin account.
- Navigate to Security > User Security > Identity Providers. Locate the Other provider option and click Choose.
- Enter a name for the Identity Provider Directory and click Add.
- Under the Authenticate users section, click Set up SAML single sign-on.
- Click Next.
- Go to the CASB Dashboard basic settings screen and click on the View IDP Metadata button.
- Find the IDP entity ID and Sign-in page URL. You can also Download the X.509 Certificate using download icon.
- In Atlassian, enter the following CASB Dashboard values:
- IDP entity ID into Identity Provider Entity ID.
- Sign-in page URL into the Identity provider SSO URL.
- X.509 Certificate into Public x509 certificate.
- Once done, click Next.
- Copy the URLs under Copy URLs to your identity provider section and click on Next.
- Go to the CASB Dashboard basic settings and paste the URL copied from the previous step into the ACS URL and Entity URL fields.
- Once done, click on the Save and Next button to update the configuration.
- Select your domain from the drop-down menu and click Next.
- If provisioning is needed, click Set up provisioning. Otherwise, click Stop and Save SAML.
- Navigate to Security > User Security > Authentication Policy and click Edit on your policy.
- Enable the checkbox for Enforce single sign-on.
- Go to the Members tab and click Add members to add members into your directory from the local directory.
- Search for your users in the search bar to add the user or you can add bulk users inside the Bulk entry tab.
- Return to the Settings tab and click Update at the bottom of the page.
- Confirm by clicking Update again in the pop-up.
Step 4: Configure Groups
- Go to the CASB Dashboard, navigate to Group Settings, and click Add New to create a new group.
- In the Group Settings section, provide the group name the same as the one you created earlier in miniOrange IDP and enter a description.
- Now, we'll proceed to assign permissions for applications to the group.
a) App Restriction: In this, the restrictions will be applied over the application based on
the policy that you have configured for the group.
b) No App Restriction: In this, there will be no restrictions on the application for the
group.
c) Disable App: By choosing this option, the application becomes inaccessible from anywhere
for the entire group.
d) Custom App Restriction: By using this, you can apply an application-specific custom
application restriction policy to an application that overpowers the group's restriction policy.
- Once done, click on Save button.
- You have successfully completed admin configuration for the Cloud Access Security Broker (CASB).
- Now, let's move forward with the User Onboarding Process. Follow the CASB extension guide to complete the setup.
External References
miniOrange CASB offers a wide variety of security features
with flexible scalability, all available at the most affordable price to all types of businesses.
Start by signing
up now!
