This guide takes you through the steps of setting up Onelogin login for the following Atlassian applications:

  • Jira (Server, Data Center)

  • Confluence (Server, Data Center)

  • Bitbucket (Server, Data Center)

  • Bamboo (Server)

  • Fisheye / Crucible (Server)

Instructions for how to download and install the Kantega SSO Enterprise app from Atlassian Marketplace

You will find a link to Atlassian Marketplace in the upper right corner of your Atlassian application. Click Manage apps and search for “Kantega”. Click “Free trial” or “Buy now” to install the app.

Add identity provider

A welcome message is shown when you select to configure the app for the very first time. Click “Start setup” and then “Setup SAML / OIDC”.

Select “Onelogin” in the identity provider gallery.

Onelogin allows you to set up single sign-on over both SAML and the OpenID Connect protocol. This knowledge base article describes the practical differences between these two protocols.

In the first wizard step, you select which SSO protocol to use. Click “Next”. Follow the protocol specific setup guides below.

Setup Onelogin with SAML

1. Select provisioning method

The Atlassian applications need to have information about users logging in and their permissions. At this wizard step, we choose whether user and permission data already exist when users log in with SSO or if user records should be created dynamically (just-in-time provisioning).

You can also specify whether users logging in through Onelogin should be added as members to a set of default groups automatically. Alternatively, you can also retrieve and assign group memberships individually based on attributes in the SAML response. Such configurations are available after the initial setup.

Select provisioning method, default groups and click “Next”.

2. Configure identity provider

Open your OneLogin Admin Console.

Click the "Applications" tab, then "Add App".

In the search console, find and select "Kantega SSO"

Give the app a name, click “Save”. (Optionally, you can also give the app a description and portal icons).

Configure URLs

Go into the "Configuration" tab

  • Copy the response URL value from the setup wizard into the following fields:

    • ACS (Consumer) URL

  • Copy the URL validator value from the setup wizard into the following fields:

    • ACS (Consumer) URL Validator

Ensure the correct roles and users have access to the new application

Under the "Roles" tab you may select what roles should have access to the new application.

You may also give single users access. This is under the specific user found under the “Users” top menu.

3. Copy the SAML Metadata URL

Under More Actions, right click on the SAML Metadata link and copy the URL to your clipboard for later:

Upload SAML Metadata.

Back in the setup wizard you can now press "Next" to get to the import step and paste the metadata URL (copied in the previous step).

Press "Next" to proceed to the next wizard step.

4. Identity provider name

Fill in a name for your configuration, by default this is “Onelogin”. Click “Next”.

5. Verify signature

This step shows the certificate used to validate the SAML messages.

Click “Next”.

7. Summary

Validate your setup and click “Finish”.

8. Test and verify setup

On the next page you will be given a link to perform a test of your setup.

The test verifies that users are allowed to authenticate with the current configuration, and you get feedback on whether the current user is found in the Atlassian application. You are also able to fix user lookup issues (selecting the right username attribute and expressing username transformation rules) and select data attributes for just-in-time provisioning here. More info about testing and verifying identity provider configurations.

6. Redirection mode

By default, Kantega SSO Enterprise will forward all users to the configured identity provider. However, you can configure both a subset of users who should log in through this identity provider and how they are redirected. More about configuring redirection rules.

Setup Onelogin with OpenID Connect

1. Select provisioning method

The Atlassian applications need to have information about users logging in and their permissions. At this wizard step, we choose whether user and permission data already exist when users log in with SSO or if user records should be created dynamically (just-in-time provisioning). Note that Kantega SSO Enterprise also offers cloud user provisioning with API Connectors for Okta. This will give you a user directory that reads out user and permission data from Okta and is always kept up-to-date and synchronized. More information about user provisioning alternatives is found here.

Info

If you want to utilize API Connectors to synchronize users, we recommend that you set that up before setting up the SSO integration. When the synchronized user directory is up and running, you can set up SSO and choose “Accounts already exist in <..> when logging in”.

You can also specify whether users logging in through Onelogin should be added as members to a set of default groups automatically. Alternatively, you can also retrieve and assign group memberships individually based on attributes in the SAML response. Such configurations are available after the initial setup.

Select provisioning method, default groups and click “Next”.

2. Callback URL

The field “Callback URL” will be needed when configuring your identity provider. Copy this URL value; we will make use of it in the next step.

3. Configure identity provider

Open your OneLogin Admin Console.

Click the "Applications" tab, then "Add App".

In the search console, find and select "OpenId Connect (OIDC)"

Give the app a Display Name, and click “Save”. Optionally, you can also give the app an icon and a textual description.

Ensure the correct roles and users have access to the new application

Under the "Roles" tab you may select what roles should have access to the new application.

You may also give single users access. This is under the specific user found under the “Users” top menu.

4. Import metadata

Go to the Kantega SSO wizard and click “Next” in the import step.

5. Identity provider name

Fill in a name for your configuration, by default this is “Onelogin”. Click “Next”.

6. Client id and secret

In this step, we will insert client credentials from Onelogin.

These two values are found in the SSO settings in Onelogin:

Click “Next”, and you will see a summary page of your Kantega SSO setup.

7. Summary

Validate your setup and click “Finish”.

8. Test and verify setup

On the next page you will be given a link to perform a test of your setup.

The test verifies that users are allowed to authenticate with the current configuration, and you get feedback on whether the current user is found in the Atlassian application. You are also able to fix user lookup issues (selecting the right username attribute and expressing username transformation rules) and select data attributes for just-in-time provisioning here. More info about testing and verifying identity provider configurations.

6. Redirection mode

By default, Kantega SSO Enterprise will forward all users to the configured identity provider. However, you can configure both a subset of users who should log in through this identity provider and how they are redirected. More about configuring redirection rules.