Atlassian Cloud SAML Single Sign-On (SSO) integration

This topic describes how to configure Atlassian Cloud for Single Sign-On (SSO) in CyberArk Identity using SAML.

SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

Before you begin

Before you configure Atlassian Cloud for SAML SSO, do the following:

  • Confirm that your organization has a subscription for Atlassian Access.

  • (Optional) Add the CyberArk Cloud Directory to your organization.

  • Confirm that Atlassian Cloud and CyberArk Identity both use HTTPS and that the configured Atlassian base URL uses HTTPS.

  • In Atlassian Cloud, go to Settings > Add domain to add a domain that represents your organization. For example: example.com. Upload the DNS TXT records to your website DNS folder. Then verify the domain.

  • Using the new domain, add accounts to Atlassian Cloud for an admin and a user. In the Identity Administration portal, add the same domain (Settings > Customization > Suffix > Add). Then add the same admin and user accounts to CyberArk Identity.

Obtain the following information from Atlassian Cloud:

SP information from Atlassian Cloud

    Name                               Format
    Atlassian Cloud Domain (SSO URL)   https://auth.atlassian.com/login/callback?connection=saml-<Organization-ID>
                                       Example: https://auth.atlassian.com/login/callback?connection=saml-a0883c56-2694-44dd-bea5-e6c27f8a6607
    SP Entity ID                       https://auth.atlassian.com/saml/<Organization-ID>
                                       Example: https://auth.atlassian.com/saml/a0883c56-2694-44dd-bea5-e6c27f8a6607

Configure the Atlassian Cloud app template in the Identity Administration portal

Step 1: Add the Atlassian Cloud web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure Trust settings

  1. Go to the Trust tab.

  2. In the Identity Provider Configuration section, select Metadata, copy the following information and save it: Identity Provider URL, Signing certificate, and Identity Provider Login Page URL.

    You will need this information later when you configure the SAML integration in Atlassian Cloud.

  3. In the Service Provider Configuration section, select Manual Configuration. Use the values you copied from Atlassian Cloud and paste them into the corresponding fields in the Identity Administration portal.

    Service provider information

    Name in Atlassian Cloud            Name in CyberArk Identity
    Atlassian Cloud Domain (SSO URL)   Assertion Consumer Service (ACS) URL
    SP Entity ID                       SP Entity ID

Step 3: Configure the SAML Response

  1. Verify the following attributes with the Atlassian Cloud attribute name in the Attribute Name column and the CyberArk attribute in the Attribute Value column.

    Attributes are case-sensitive.

    SAML response attributes

    Attribute Name   Attribute Value
    givenname        LoginUser.FirstName
    surname          LoginUser.LastName
    name             LoginUser.Username

  2. Map any other attributes that you want to pass in the SAML response, then click Save.

Step 4: Configure permissions to grant Atlassian Cloud users SSO access

Grant SSO access to Atlassian Cloud by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 5: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Atlassian Cloud for SAML SSO

Perform these steps in Atlassian Cloud to configure the Atlassian Cloud app template for SSO.

  1. Sign in to Atlassian Cloud as the administrator.

  2. Go to Security > Identity Provider > Add Identity Provider.

  3. Paste the information you copied from the IdP into the corresponding fields.

    IdP metadata

    Name in CyberArk Identity      Name in Atlassian Cloud
    Identity Provider URL          Identity provider Entity ID
    Signing certificate            Public x509 certificate
    Identity Provider Login Page   Identity provider SSO URL

Test the Atlassian Cloud SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Atlassian Cloud, Atlassian Cloud users can benefit from IdP-initiated or SP-initiated SSO.

To test IdP-initiated SSO:
  1. Sign in to CyberArk Identity with a user account that exists in both Atlassian Cloud and CyberArk Identity.

  2. Click the Atlassian Cloud application tile to launch Atlassian Cloud in a new tab and automatically sign in.

To test SP-initiated SSO:
  1. Go to https://id.atlassian.com/login to sign in to Atlassian Cloud.

  2. Enter the domain user email address, then sign in to the CyberArk IdP.

    You are redirected to Atlassian Cloud.
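When a test sign-in fails, checking a captured SAML response against the values configured in Steps 2 and 3 usually pinpoints the cause. The following is an added example, not CyberArk or Atlassian code: it assumes you have already base64-decoded the response captured from a test sign-in, and the function names, the sample XML, and the reliance on the standard SAML 2.0 Destination and Audience fields are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = {"givenname", "surname", "name"}  # case-sensitive (Step 3)
ORG = "a0883c56-2694-44dd-bea5-e6c27f8a6607"  # example Organization-ID from this page
ACS = f"https://auth.atlassian.com/login/callback?connection=saml-{ORG}"
ENTITY = f"https://auth.atlassian.com/saml/{ORG}"

# Constructed sample: a decoded SAML response with one attribute in the wrong case.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS}">
 <saml:Assertion>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>{ENTITY}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="GivenName"/><saml:Attribute Name="surname"/>
   <saml:Attribute Name="name"/>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def org_id_mismatch(acs_url, entity_id):
    """True if the ACS URL and SP Entity ID carry different Organization-IDs."""
    conn = parse_qs(urlparse(acs_url).query).get("connection", [""])[0]
    return conn != "saml-" + urlparse(entity_id).path.rsplit("/", 1)[-1]

def check_response(xml_text, acs_url, entity_id):
    """Return findings; an empty list means the response matches the SP values.
    Configuration check only: the XML signature is NOT verified here."""
    findings = []
    if not (acs_url.startswith("https://") and entity_id.startswith("https://")):
        findings.append("SP URLs must use HTTPS")
    if org_id_mismatch(acs_url, entity_id):
        findings.append("ACS URL and SP Entity ID carry different Organization-IDs")
    root = ET.fromstring(xml_text)
    if root.get("Destination") != acs_url:
        findings.append("Destination is not the configured ACS URL")
    if entity_id not in [e.text for e in root.iterfind(".//a:Audience", NS)]:
        findings.append("Audience does not include the SP Entity ID")
    names = {e.get("Name") for e in root.iterfind(".//a:Attribute", NS)}
    for want in sorted(REQUIRED_ATTRS - names):
        wrong = sorted(n for n in names if n and n.lower() == want)
        findings.append(f"attribute {want!r} missing"
                        + (f" (found {wrong[0]!r}: wrong case)" if wrong else ""))
    return findings

if __name__ == "__main__":
    for finding in check_response(SAMPLE, ACS, ENTITY):
        print("FINDING:", finding)
```

An empty result means the response is addressed to the configured ACS URL, scoped to the SP Entity ID, and carries the three attribute names exactly as listed in Step 3.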

Additional information

See the following Atlassian Cloud documentation for additional resources:

Configure SAML single sign-on with an identity provider