Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Custom cookie based SSO with jira service desk

Roland
Roland
Contributor
August 16, 2020

I want to see if the following is possible:

  • Our CRM holds our user database. (nopCommerce) 
  • A user is authenticated and a cookie is saved with an encrypted token
  • The user clicks support and is redirected to jira service desk
  • Via some plugin or sso jira checks this cookie then calls an api endpoint on our CRM to validate authentication
  • User is logged in without creating a jira account 

We have already implemented the above with InvisionCommunity and it works well

Alternatively:

  • Our CRM holds our user database. (nopCommerce) 
  • A user is authenticated
  • Our CRM calls a JIRA API and creates a new user (if they dont already exist)
  • Our CRM authenticates the user and receives an api token key (or similar)
  • The user clicks support and is redirected to jira service desk with the api token included as a parameter.
  • User is logged in without them creating a jira account 

Are their existing plugins that would do this? If not is it possible to write such a plugin?

Any third parties who do this kind of work or is there documentation so we can do it ourselves? We have a decent budget to achieve the above.

Answer
Watch
Like Be the first to like this
668 views

1 answer

1 accepted

0 votes
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 17, 2020

Hi Roland,

For Atlassian Cloud products, there are just a few authentication options:

  1. Creating Atlassian Accounts (used across all our Cloud products including Bitbucket and Trello) either in advance or by configuring your site to allow anyone with specific email domains to create accounts themselves
  2. Integrating with G Suite / Google authentication
  3. Using Atlassian Access to connect with a SAML-based identity provider such as Okta or Azure AD

I don't get the impression that Nopcommerce can function as an identity provider (unless you've extended it with a plugin that's not published on the internet). But the flow you described is more or less how a SAML assertion works at a high level. My suggestion would be trying to provide a SAML IdP for use with Atlassian Access.

Outside of that, it is possible for people to create Jira Service Desk requests without having an account in advance - they can enter their email address at the time they create a request. See this document for information on how to set this up and the user experience someone might expect with this setup. 

Cheers,
Daniel

View More Comments
Roland
Roland
Contributor
August 17, 2020

"I don't get the impression that Nopcommerce can function as an identity provider (unless you've extended it with a plugin that's not published on the internet). But the flow you described is more or less how a SAML assertion works at a high level. My suggestion would be trying to provide a SAML IdP for use with Atlassian Access."

Correct it doesn't provide SAML but you can essentially bake your own simple variant of it like we have with our forum integration. It would be a hard sell to suggest to port our entire user database to SAML just for the service desk requirement. In the future the service desk may change and it doesn't warrant such a large scale change in how our CRM works.

"Outside of that, it is possible for people to create Jira Service Desk requests without having an account in advance - they can enter their email address at the time they create a request. See this document for information on how to set this up and the user experience someone might expect with this setup. "

I think this is the best compromise, the user enters their email address and we have to accept that they might get it wrong.

Something I don't understand is why we can't write a plugin to do our own authentication, what are the major technical hurdles that prevent us from doing this like we did with InvisionCommunity?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
AUG Leaders

Atlassian Community Events

    See all events