Redirect rules

Kantega SSO Enterprise allows you to define how users should be redirected to identity providers. You can choose to have no redirection and only an SSO link on the login page, instant redirection of all users, and 2-Step Login where a subset of users is redirected.

The screenshot below shows the various redirection modes. At the bottom of the page, you can specify whether the login page should show the Idp (in this example, Azure AD) with a link on the login page and whether SSO should apply to the customer portal of Jira Service Desk.

2-step login

Many organizations have multiple user groups with various login requirements. While SSO to Atlassian application is typically set up as the default login mechanism for most users, it is also commonly necessary to give users who are not a part of the corporate user databases (for example, external consultants, system admins, and interns) access.

2-Step Login allows you to align one or more SAML identity providers with native username/password login. It creates a login experience where users are asked to only type in their username. Based on the properties of the particular user, he or she is redirected to the relevant SAML identity provider or asked to type the built-in password.

The following three redirect modes will enable 2 Step Login:

  • Email domain - Redirect users based on the domain part of their provided username.

  • User directory - Redirect users based on the user directory they are stored.

  • Group memberships - Redirect users based on the groups they are members of.

The following video demonstrates how to set up this, which plays out in practice for the users.