Jira Cloud SAML Single Sign-On (SSO)

With CyberArk as your CyberArk Identity, you can choose single-sign-on (SSO) access to the Jira Cloud web and mobile applications with IdP-initiated SAML SSO (for SSO access through the Identity User Portal) or SP-initiated SAML SSO (for SSO access directly through the Jira Cloud web application) or both. Providing both methods gives you and your users maximum flexibility.

If Jira Cloud is the first application you are configuring for SSO through CyberArk Identity, read these topics before you get started:

Jira Cloud SSO Requirements

Before you configure the Jira Cloud web application for SSO, you need the following:

  • A Jira Cloud account.
  • An organization administrator and Jira Cloud site administrator (user with admin permission in the group “site-admins”)
  • Domains of SSO users’ email addresses added and verified before configuration.

Configure your organizations

Atlassian uses organizations to manage your domains and user accounts, providing control and visibility across your Atlassian Cloud applications. Setting up your organization and verifying a domain are pre-requisites to configuring SSO. Refer to https://confluence.atlassian.com/cloud/organization-administration-938859734.html for more information about configuring your organization with Atlassian.

Add and configure Jira Cloud in the Identity Administration portal

The following steps are specific to the Jira Cloud application and are required in order to enable SSO for Jira Cloud. For information on optional configuration settings available in the Idaptive the Identity Administration portal, see Configure optional application settings.

Configure Jira Cloud for SSO

You need organization administrator privileges to perform these steps.

It can be useful to open the web application and the Identity Administration portal simultaneously and have them both open, perhaps side by side. As part of the SSO configuration process, you’ll need to copy and paste settings between the two browser windows.

The following steps are specific to the Jira Cloud application and are required in order to enable SSO for Jira Cloud. For information on optional configuration settings available in the Idaptive the Identity Administration portal, see Configure optional application settings.

Configure Jira Cloud mobile apps for SSO

Jira Cloud provides mobile applications that support SSO for iOS and Android devices.

SP-initiated SSO will be launched after you enter the site name (subdomain) of your Jira Cloud and an email address with a verified domain.

For more information about Jira Cloud

For more information about configuring Jira Cloud for SSO, see:

https://confluence.atlassian.com/cloud/saml-single-sign-on-873871238.html

Jira Cloud specifications

Each SAML application is different. The following table lists features and functionality specific to Jira Cloud.

 

Capability

Supported?

Support details

Web browser client

Yes

 

Mobile client

Yes

iOS and Android

SAML 2.0

Yes

 

SP-initiated SSO

Yes

 

IdP-initiated SSO

Yes

 

Force user login via SSO only

Yes

Users with an email address at a domain that has been verified must use SSO.

Separate administrator login
after SSO is enabled

No

 

User or Administrator lockout risk

Yes

 

Automatic user provisioning

No

 

Multiple User Types

Yes

SSO works the same way for all admin and non-admin user types.

Self-service password

Yes

Users can reset their own passwords. Resetting another user’s password requires administrator rights.

Access restriction using a corporate IP range

Yes

You can specify an IP Range in the Identity Administration portal Policy page to restrict access to the application.