ATLASSIAN – UPSSO SAML INTEGRATION GUIDE
This document provides instructions to integrate Atlassian with UPSSO based on SAML protocol.
Administrator access to the https://www.atlassian.com/
Administrator access to UPSSO portal.
DOWNLOADING THE IDP CERTIFICATE
1. Login into UPSSO portal as administrator
2. Click on the “IDP Resources” on the left side Navigation Menu and then “DOWNLOAD IDP “ file.
3. Save this file as we need this later.
CONFIGURING UPSSO SAML IN Atlassian.
Login into https://www.atlassian.com/ as an administrator.
Click on the Atlassian Access.
Search for Security Option at the header.
Click on the SAML Single single-sign-on option.
5. Click on Add new SAML
6. Enter the SAML configuration.
Identity provider Entity ID - https://<UPSSO_SERVER_HOST>/upsso/get-idp-metadata
Identity provider SSO URL - https://<UPSSO_SERVER_HOST>/upsso/upsso-service
Copy and paste the Certificate (The certificate downloaded in the section above "DOWNLOADING THE IDP CERTIFICATE” )
7. Save the Configuration to get
SP Entity ID
SP Assertion Consumer Service URL
8. Need to update the Policy to enforce SSO
Click on Authentication Polices
Click on Edit
Under Settings , check the “Enforce single sign-on” and click on Update.
CONFIGURING Atlassian APPLICATION IN UPSSO
1.Login into the UPSSO portal as an administrator.
2.Click on the “Application Management” menu and then click new record button and Clickect SAML application as highlighted below.
3. Click on Atlassian application icon.
4. Please enter the Unique ID present in SP entity URL.Click on the Save button.
TESTING THE INTEGRATION
Make sure to logout from Atlassian.
Login into the UPSSO portal as a user having the same email address as in Atlassian user.
Click on the Atlassian icon as shown below.
4. Select the OTP method and enter the OTP and click on the Verify button.
5. Users will be able to access the Atlassian application.
SSO BYPASS LINK FOR ATLASSIAN
The below link is used to bypass the SSO by Administrator
The users created out of SSO login won't be having the password. So they are prevented from using the above link