Skip to content

JIRA & Confluence Single Sign-On

Overview

This article describes how JIRA or Confluence 7.0 and above versions use the built-in SSO 2.0 configuration to achieve single sign-on with BambooCloud IDaaS.

Authentication Configuration

Obtain BambooCloud IDaaS IDP Service Configuration

  1. Log in to the BambooCloud IDaaS Enterprise Center as an administrator, and go to Settings > Service Configuration > IDP Configuration.
    • IDP EntityId: Single Sign-On Issuer

    • SSO URL: Identity Provider Single Sign-On URL

    • IDP Certificate: X.509 Certificate

Confluence SSO Configuration

  1. Log in to the site management interface as an administrator and select SSO 2.0.

  2. Configure the user login method, and select SAML Single Sign-On as the authentication method.

Jira SSO Configuration

  1. Log in to the site as an administrator, click Settings --> System --> Authentication Method.

  2. Click Add Configuration, and select SAML Single Sign-On as the authentication method.

    ParameterDescription
    Single Sign-On IssuerIDP EntityId
    Identity Provider Single Sign-On URLSSO URL
    X.509 CertificateIDP Certificate
    Username MappingNameID, you can reference the username returned by BambooCloud IDaaS through ${NameID}
    Authentication Consumer Service URLAutomatically generated, Assertion Consumer Service URL (ACS URL)
    Audience URL (Entity ID)Automatically generated, SP Entity ID / Audience URI
    JIT ConfigurationCreate users when logging in to the application. Not checked by default. After checking, users will be automatically created and updated when logging in to JIRA or Confluence via SSO. For details, see JIT User Configuration.
    Remember User LoginSave successful login history and automatically log in users without verification.
    Login ModeSelect SAML as auxiliary authentication to retain the original login entry.

Add JIRA or Confluence Application on BambooCloud IDaaS

  1. Log in to the BambooCloud IDaaS Enterprise Center as an administrator, go to Resources > Applications > Add Pre-integrated Application, search for and add JIRA or Confluence.

  2. Configure application authentication parameters.

    ParameterDescription
    SP Entity IDAudience URL (Entity ID)
    Assertion Consumer Service URL (ACS URL)Authentication Consumer Service URL
    Name IDSelect Application Account
    NameID FormatSelect Default
    Audience URIAudience URL (Entity ID)
    Single Logout URLLeave blank
    Default Relay StateLeave blank
    Response SignatureNo
    Assertion SignatureYes
    Digital Signature AlgorithmDefault RSA_SHA256
    Digital Digest AlgorithmDefault SHA256
    Assertion EncryptionNo
    Verify Request SignatureNo
  3. Configure mappings. Enter the application details, Authentication Configuration > Mapping Configuration, and add mappings.

    • email: user email

    • NameID: username

  4. Authorize users: Authorization Management > Application Account > Add Account. The account name should be consistent with the account name in JIRA or Confluence.

Login Verification

Log in to the BambooCloud IDaaS User Center, click the application logo, and single sign-on into the application system.

BambooCloud IDaaS Open Platform