Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Once you have created your AD account,

  1. Navigate back to the homepage.

  2. Select “More Services”

    Image Modified

  3. On the sidebar, navigate to the “Identity” tab

  4. Select the “Enterprise applications”

    Image Modified

  5. Select “New Application

    Image Modified

  6. Select ”Create your own application”

  7. Provide a name

  8. Select the “Integrate any other application you don't find in the gallery (Non-gallery)” option

  9. Select the “Create” button

You have now created the application.

Set up single sign-on

  1. Select the “Single sign-on” tab

    Image Modified

  2. Select the “SAML” card

    Image Modified

  3. The following page will open

    • Here you set the configuration, there are 4 steps and 1 step to test the scheme.

      Image Modified

       

SSO configuration

  1. Step one includes the basic SAML configuration, select the 3 dots on the right corner of this card and click on the “edit” button.

    • Identifier (Entity ID)

      • Open the global settings of External Share on your Jira instance

        • (Apps dropdown menu > External Share > Global Settings > SSO configuration)

      • Enable SAML SSO by ticking the box

      • Copy the “Issuer ID” value

      • Click on Add identifier (On Azure)

      • Paste the value into the “Identifier” field

    • Reply URL (Assertion Consumer Service URL)

      • Click on Add Reply URL

      • Open the global settings of External Share on your Jira instance

      • Copy the “Assertion Consumer URL” value

      • Click on Add Reply URL (On Azure)

      • Paste the value into the “Reply URL” field

    • Sign on URL

      • Open the global settings of External Share on your Jira instance

      • Copy the value from the “Service Provider Login Url” field and paste it into the “Sign on URL” field. Note that this value is generated dynamically when Workspace name is changed.

    • Relay State

      • Open the global settings of External Share on your Jira instance

      • Copy the “Default Relay State” value

      • Paste the value into the “Relay state” field

    • Save

  2. Step two “Attribute and Claims”

    • Please ensure that the “Unique User Identifier” is set to “user.mail”, External Share treats user email addresses as their unique identifier

    • Please keep in mind you only need to provide the following information. No additional attributes are required

      Image Modified

       

  3. SAML Certificates, step three

    • Download the “PEM Certificate”

      • Open with notepad

      • Copy the value

      • Paste this value into the “Certificate” field on the global settings of External Share on your Jira instance

    • Please make sure to check the expiry date for the certificate, once the certificate is expired, it needs to be manually rotated.

  4. Set up, step four

    • Copy the “Login URL” value and paste it into the “Login URL” field on the global settings of External Share on your Jira instance

    • Copy the “Azure AD Identifier” value and paste it into the “Identifier” field on the global settings of External Share on your Jira instance

    • Choose a name for your “Workspace identifier” field - Please note that your workplace identifier is the data used to identify your Jira instance and your users will need to use this identifier in order to login via SSO, therefore this information must be actively available to users.

    • Save

Info

There are no users assigned at this stage.

Assign users

  1. Navigate to “Users and groups” (Sidebar menu)

  2. Select the “Add user/group” button (on the navigation bar)

  3. Click on the “Users” field

  4. Add the users you wish to whitelist

  5. Click on the “Assign” button

Note

Configuring SSO does NOT automatically limit users share access to SSO, you must first Require Corporate SSO loginwhen accessing shares.

If you wish to ensure the identity of external users is checked with your identity provider when accessing shares, you must require this option in the security tab in External Share.

...