I want to enable SSO for Jira Software (Server) using Okta. I went through the instruction video posted by the plugin provider (resolution Reichert Network Solutions GmbH), however the NameID format passed by Okta doesn't match Jira. We use username to log in to Jira instead of email ID.
So, is there a way I can change how we log in to Jira (changing user name to email)?
Alternatively, how can I configure SAML SSO plugin when nameid format is different?
I need some help here.
Hi Vishnu,
I know you booked a video session with us and with that you also opened a support case.
There are a few ways to approach this, but you'll have to share some more information with us or show us during the Screenshare session.
Thanks for looking into our SAML Single Sign On Plugin
Some Background
Our Plugin can work in two Ways with Okta:
- User Synchronisation
During User & Group Synchronisation we really synchronise with OKTA via the OKTA API. So Users are created, updated & disabled shortly after changes have been done in OKTA.
For this to work, you'll need an API Token from an Okta Admin Account to make this work (https://wiki.resolution.de/doc/saml-sso/latest/all/user-and-group-synchronisation-user-sync).
This is usually the nicest Way of making this work.
- Just in Time Provisioning
Is what you have seen in the Video - the User Accounts & Groups are created/updated whenever the User logs in, based on Attributes that Okta can send in the SAML Message to our plugin.
It has the downside that updates only happen during login and also that we cannot disable any Users, since they will already be blocked by Okta from signing in.
So most of the time this is a good choice, when you cannot use User Synchronisation (for policy reasons for example).
As for your current Situation, we need to do two things-
a) decide which Provisioning strategy is the right one for you (Sync or Just in Time)
b) Help you migrate to that strategy.
In particular if the Usernames you get from OKTA are not the same as the ones you currently have in Jira.
We have multiple Ways of dealing with that - sometimes a simple set of Regular Expressions (i.e. dropping a Domain Part) does the trick.
Our plugin can also identify the User via eMail address as opposed to the UserID field - this usually works in even quite historically grown situations.
However OKTA can also deal with different Username fields/Attributes, so it might also be a case to reconfigure OKTA to send a different field rather than the UserID.
This is what we need to help you work through on the Screenshare or in the support case, as it's information you may not want to disclose in a public forum.
Cheers,
Christian
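The two mapping options mentioned in the answer above (a regular expression that drops the domain part, and lookup by e-mail address) are sketched here as an added example; it is not part of the original thread and not the plugin's own code. The directory contents, the domain `example.com` and all function names are assumptions made for illustration.

```python
import re

# Constructed sample directory (Jira username -> e-mail); not from the thread.
JIRA_USERS = {
    "vkumar": "vishnu.kumar@example.com",
    "asmith": "a.smith@example.com",
    "build1": "team@example.com",
    "build2": "team@example.com",  # two accounts sharing one mailbox
}

# Hypothetical transformation rule: drop the domain part, but only for the one
# domain the IdP is expected to assert. An unanchored or any-domain pattern
# would map "vkumar@other.test" onto the local user "vkumar" as well.
DROP_DOMAIN = re.compile(r"([^@\s]+)@example\.com", re.IGNORECASE)


def username_from_name_id(name_id):
    """Apply the regex rule; fullmatch rejects prefixes, suffixes and newlines."""
    m = DROP_DOMAIN.fullmatch(name_id)
    return m.group(1).lower() if m else None


def resolve_by_username(name_id, users=JIRA_USERS):
    candidate = username_from_name_id(name_id)
    return candidate if candidate in users else None


def resolve_by_email(name_id, users=JIRA_USERS):
    """Match on e-mail instead; refuse when the address is not unique."""
    wanted = name_id.lower()
    hits = [u for u, mail in users.items() if mail.lower() == wanted]
    return hits[0] if len(hits) == 1 else None


def resolve(name_id, users=JIRA_USERS):
    """Try the username rule first, then the e-mail lookup; None means deny."""
    return resolve_by_username(name_id, users) or resolve_by_email(name_id, users)


if __name__ == "__main__":
    for nid in ("vkumar@example.com", "vishnu.kumar@example.com",
                "vkumar@other.test", "team@example.com"):
        print(f"{nid!r} -> {resolve(nid)!r}")
```

A `None` result is the case to watch when migrating: it means the NameID maps to no existing account or to more than one, so the login should be refused rather than matched to a best guess.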
Thanks Christian.
We were able to sort this out during the call today.
Regards,
Vishnu