Hello, we are using both Jira and Confluence server, and we manage users centrally in Microsoft AD that's linked to Jira and Confluence via LDAP.
We're planning to migrate to DC, and we're also interested in implementing MFA via Azure AD.
Is that possible with the Atlassian's built-in SSO app?
If it is, is it possible to continue to use Microsoft AD/LDAP for user sync, since Atlassian's app doesn't offer that functionality?
If these two are possible, is there any other drawback that makes it more sensible to use third-party apps?
Thanks,
Slaven
Hi Slaven,
If you are just planning to delegate "user authentication + MFA" to Azure AD, while Microsoft AD/LDAP stays connected directly to JIRA and Confluence for sync, then yes, you can go ahead with built-in SSO without any issue.
This is Lokesh here and I work for miniOrange, one of the top SSO App developers for Atlassian Application.
From my experience, there is one problem that built-in SSO won't be able to handle, which is "signing key rollover". Here, keys roll over on a periodic basis and, in an emergency, could be rolled over immediately. All applications that use the Microsoft identity platform should be able to programmatically handle the key rollover process.
Reference:
In this case, once the signing certificate is changed, SSO will not work. You have to manually update the certificate every time.
If you are interested, you can give miniOrange SSO a try. It has the capability to auto-fetch updated certificates and provides advanced security features like signed requests, encryption, usability, and provisioning.
Feel free to reach out to miniOrange if you have any questions or need assistance with plugin setup.
Thanks,
Lokesh
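The rollover problem described in the answer above is easiest to reason about with a concrete check. The following is an added example, not code from the original thread and not miniOrange or Atlassian code: it parses a SAML IdP federation metadata document, collects the certificates advertised for signing, fingerprints them, and compares them with the fingerprints the service provider (Jira or Confluence) currently trusts. The embedded metadata is constructed for the example, and the "certificates" in it are placeholder byte strings rather than real X.509 DER, so the fingerprints are only meaningful within this script; in practice the metadata would be fetched over TLS from the IdP's federation metadata endpoint and the trusted fingerprints would come from the SP's SSO configuration.

```python
"""Detect SAML IdP signing-key rollover from federation metadata.

Added example for the thread above; hypothetical helper, not vendor code.
A scheduled job running this comparison can alert an administrator that
the IdP has published a new signing certificate before SSO logins start
failing, which is the failure mode the answer describes.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholders standing in for DER-encoded certificates.
# They are NOT real certificates; only their fingerprints matter here.
CERT_A = b"constructed placeholder: current IdP signing cert (not real DER)"
CERT_B = b"constructed placeholder: next IdP signing cert (not real DER)"
CERT_ENC = b"constructed placeholder: encryption-only cert (not real DER)"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


# Constructed metadata in the shape an IdP publishes during a rollover:
# two signing certificates (current and next) plus one encryption-only key.
# The entityID and Location use obvious placeholders, not a real tenant.
SAMPLE_METADATA = f"""<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example/TENANT-ID-PLACEHOLDER/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(CERT_A)}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(CERT_B)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(CERT_ENC)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example/TENANT-ID-PLACEHOLDER/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def signing_certs_from_metadata(metadata_xml: str) -> list[bytes]:
    """Return the decoded bytes of every certificate usable for signing.

    A KeyDescriptor with no 'use' attribute applies to both signing and
    encryption per the SAML metadata schema, so it is included as well;
    encryption-only descriptors are skipped.
    """
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iter(f"{{{NS['md']}}}KeyDescriptor"):
        if kd.get("use") not in (None, "signing"):
            continue
        for x509 in kd.iter(f"{{{NS['ds']}}}X509Certificate"):
            # Metadata often wraps the base64 across lines; strip all whitespace.
            b64 = "".join((x509.text or "").split())
            certs.append(base64.b64decode(b64))
    return certs


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes, hex-encoded."""
    return hashlib.sha256(der).hexdigest()


def rollover_status(metadata_xml: str, trusted_fingerprints) -> dict:
    """Compare published signing certs with the SP's trusted set.

    'new'     = published by the IdP but not yet trusted by the SP (add these)
    'retired' = trusted by the SP but no longer published (remove these)
    'ok'      = at least one trusted cert is still published, so assertions
                signed today can still be validated
    """
    published = {fingerprint(c) for c in signing_certs_from_metadata(metadata_xml)}
    trusted = set(trusted_fingerprints)
    return {
        "new": sorted(published - trusted),
        "retired": sorted(trusted - published),
        "ok": bool(published & trusted),
    }


if __name__ == "__main__":
    # The SP currently trusts only CERT_A; the IdP has started publishing CERT_B.
    status = rollover_status(SAMPLE_METADATA, [fingerprint(CERT_A)])
    print("SSO still valid:", status["ok"])
    print("new signing certs to import:", status["new"])
    print("retired certs to remove:", status["retired"])
```

The useful signal is the `new` list: a non-empty value while `ok` is still true is the window in which an administrator can import the next certificate into the SP before the IdP stops signing with the old one. A result with `ok` false means the rollover has already completed and logins are failing until the configuration is updated.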