JIRA for SAML Plugin

  1. As an admin, click the “gear” menu and go to “Add-ons”

    Select Add-Ons

  2. Search the Marketplace for “JIRA SAML” and install the plugin

  3. Click “Manage add-ons” from the sidebar and search for “SAML” to find the installed plugin

    Install & Find Plugin

  4. Click the “Configure” button for the add-on

  5. On the configuration screen, enter the values from your SAML Identity Provider (IdP) – for the location and setup of these values, please consult the documentation from your IdP vendor.

    Configure Add-on

  6. Enter information into the following fields:

    • Login URL – this will be a URL from your IdP that initiates the SAML login process
    • X.509 Certificate – your IdP will provide you with this certificate that is used to digitally sign and verify the SAML payload
    • Entity ID – your IdP will provide you with this value
    • “Force SSO login” – this field is optional. If you leave it unchecked, users will be able to log in either with their username/password or with SAML. If the box is checked, users will not be able to log in with username/password. We strongly recommend testing first with ‘Force SSO Login’ unchecked

End User Experience

Once the JIRA SAML plugin is installed, users will see a new button on the login screens:

New Login Screen

Clicking this button will start the SAML authentication process for the user. The user will be redirected to the pre-configured identity provider, authenticated and then redirected back to JIRA.

Notes:

  1. The user must already exist in JIRA or authentication will fail. The SAML plugin uses the JIRA username as the subject. The IdP should be configured to return that value.
  2. If the “Force SSO Login” checkbox is enabled, the user will not see the “Username” or “Password” fields on the login screen.
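
A pre-flight check for Note 1, run before enabling “Force SSO Login”. This is an added example, not code from the plugin or its vendor. It decodes a captured SAMLResponse from a test login and reports whether the Issuer matches the configured Entity ID and whether the Subject NameID is an existing JIRA username. Assumptions: the function name `preflight`, the sample response, the exact-match username comparison, and that the Issuer is expected to equal the Entity ID.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample: a stripped-down SAMLResponse (signature omitted), base64
# encoded the way the IdP posts it back. The IdP here returns an e-mail address.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jsmith@example.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def preflight(saml_response_b64, expected_entity_id, jira_usernames):
    """Return a list of problems; an empty list means the checks passed.

    Diagnostic only: the signature is NOT verified here, so the result says
    nothing about whether the response is authentic.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element (encrypted assertions are not handled)"]
    problems = []
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_entity_id:
        problems.append(f"Issuer {issuer!r} != configured Entity ID {expected_entity_id!r}")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        problems.append("Subject has no NameID")
    elif name_id not in jira_usernames:  # assumption: exact, case-sensitive match
        problems.append(f"NameID {name_id!r} is not an existing JIRA username")
    return problems


if __name__ == "__main__":
    # JIRA knows the user as "jsmith", so the e-mail NameID is flagged.
    for line in preflight(SAMPLE_B64, "https://idp.example.com/metadata", {"jsmith"}):
        print("FAIL:", line)
```

With the sample above the check fails because the IdP returns an e-mail address while the JIRA username is `jsmith`; changing the IdP's NameID mapping to the JIRA username clears it.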