Versions Compared

Old Version 12

changes.mady.by.user Christian Reichert

Saved on

compared with

New Version Current

changes.mady.by.user Huiyi Lin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...


Warning

!!! We are currently migrating this Cloud Instance to our own hosted Server instance !!!

Please follow this link to get to the content you wanted: https://wiki.resolution.de/display/SSSO/Setup+SAML+SSO+with+Azure+AD+%28JIRA%29+-+0.14.5

Thanks for your understanding.

...

If your Azure premium account  is not yet enabled, find out how to enable Azure Active Directory Premium trial here. To improve the user experience of our plugin and reduce the costs of our customers from purchasing Azure Premium account, we already applied for being listed in Azure AD Application Gallery. Due to some internal reasons at Microsoft, this process is taking excessively long. If you are already a customer of Azure AD, your voice may help us speed up the process. Support us and request the plugin integration here: waadpartners@microsoft.com.

Installation Procedure
Anchor
Top
Top

...

Step 1: Install the plugin  
Anchor
Step1Step1

  • Install the plugin from the Atlassian Marketplace.
  • Click Add-ons under JIRA Administration on the top right corner of your JIRA interface. Then, you will be taken to Atlassian Marketplace. Search for SAML SSO and click on Free Trial to install. 

Image Removed

  • After installation succeeded, click on Manage, then choose Configure. Now, you are on the plugin configuration page. 

Image Removed

Back to Top

...

Step 2 will be completed in Azure AD. 

Substep A : Select your directory and start application dialog

  • Go to https://manage.windowsazure.com and login with your credentials.
  • Select Active Directory on the left navigation panel, and select the directory that you want to use with SAML Single Sign On.

 Image Removed

  • Click on APPLICATIONS, then click on ADD to start a new application dialogue

Image Removed

Substep B: Add a new application

...

Image Removed

Back to Top

Substep C: Configure the new application

  • Click on Configure Single Sign On. In the Pop-up window choose select Microsoft Azure AD Single Sign-On, then click on Next.

Image Removed

Image Removed

  • Click on Download Metadata (XML) to download the FederationMetadata.xml. We will configure the SAML Single Sign On with the Metadata from Azure AD in Step F.
  • Check the Checkbox Confirm that you have configured... .
  • Click on Next.

Image Removed

  • Fill in a NOTIFICATION E-MAIL for which you want to get notifications for this application.
  • Click Finish to complete the application configuration. Then you come back to the overview page of SAML Single Sign On and continue with Substep D to grant user access. 

Image Removed

Substep D: Grant access to users

  • Click on USERS AND GROUPS and select All Users in the SHOW drop down field. Then click on the tick on the right side to show all users. 
  • Select the user which you want to grant access for this application, and click on ASSIGN at the bottom.
  • Then, click on YES  at the bottom of the black pop-up window to confirm to enable access for selected users.

Image Removed

  • Finally, review “Access” status to see if the user has been successfully granted access to application now.

...

Back to Top

...

Step1

...

Substep A: Load Azure AD Metadata

The recommended way to setup the Azure AD on the SAML Single Sign On is to import the Azure AD Metadata .

  • Select load from XML and paste in the content from the FederationMetadata.xml (downloaded in Step2 Substep C) into the field below.
  • Click on Load to load the Azure AD configurations into the plugin.

Image Removed

Substep B: Configure general JIRA groups in Advance IdP Settings

  • If a user logs in using SAML, he will be added to the groups specified in the User Groups section. This applies to all users. The user is assigned to these groups in addition to the groups in the SAML-response's attribute. 
  • The standard group in JIRA 6 is called jira-users
  • The standard group in JIRA 7 is depending on which JIRA Version you are using:

...

  • Click on show Advanced IdP Settings, find User Group in the drop down menu. 

Image Removed

  • Click Save settings to store the configuration

Image Removed

Back to Top

...

  • In a separate browser, open the URL https://<your-JIRA>/plugins/servlet/samlsso.
  • You should be authenticated by your Azure AD and redirected to the JIRA Dashboard.

...

  • After testing, you can enable the login page redirection to finally activate the plugin. After checking the Enable SSO Redirect checkbox and clicking Save settings, requests to the JIRA login page should be redirected to the Azure AD.

Image Removed

Info

If Enable SSO Redirect is enabled, you can login to JIRA manually by browsing https://<your-JIRA>/login.jsp?nosso. Use this URL if you need to login a local user unknown to the Azure AD or if there are any issues with Single Sign On.

...