1. Select provisioning method
The Atlassian applications need to have information about users logging in and their permissions. At this wizard step, we choose whether the user and permission data already exist when users log in with SSO or if user records should be created dynamically (just-in-time provisioning).
You can also specify whether users logging in through Onelogin should be added as members to a set of default groups automatically. Alternatively, you can also retrieve and assign group memberships individually based on attributes in the SAML response. Such configurations are available after the initial setup.
Select provisioning method, default groups and click “Next”.
2. Configure identity provider
Open your OneLogin Admin Console.
Click the "Applications" tab, then "Add App".
In the search console, find and select "Kantega SSO"
Give the app a name, click “Save”. (Optionally, you can also give the app a description and portal icons).
Configure URLs
Go into the "Configuration" tab
Assure the correct roles and users have access to the new application
Under the "Roles" tab you may select what roles should have access to the new application.
You may also give single users access. This is under the specific user found under the “Users” top menu.
3. Copy the SAML Metadata URL
Under More Actions, right click on the SAML Metadata link and copy the URL to your clipboard for later:
Upload SAML Metadata.
Back in the setup wizard, you can now press "Next" to get to the import step and paste the metadata URL (copied in the previous step).
Press "Next" to proceed to the next wizard step.
4. Identity provider name
Fill in a name for your configuration, by default, this is “OneLogin”. Click “Next”
5. Verify signature
This step shows the certificate used to validate the SAML messages.
Click “Next”.
7. Summary
Validate your setup and click “Finish”.
8. Test and verify setup
On the next page, you will be given a link to perform a test of your setup.
The test verifies that users are allowed to authenticate with the current configuration, and you get feedback on whether the current user is found in the Atlassian application. You are also able to fix user lookup issues (selecting the right username attribute and express username transformation rules) and select data attributes for just-in-time provisioning here. More info about testing av verifying identity provider configurations.
6. Redirection mode
By default, Kantega SSO Enterprise will forward all users to the configured identity provider. However, you can configure both a subset of users who should be login through this identity provider and how they are redirected. More about configuration redirection rules.