JIRA for SAML Plugin
As an admin, click the “gear” menu and go to “Add-ons”
Search the Marketplace for “JIRA SAML” and install the plugin
Click “Manage add-ons” from the sidebar and search for “SAML” to find the installed plugin
Click the “Configure” button for the add-on
On the configuration screen, enter the values from your SAML Identity Provider (IdP) – for the location and setup of these values, please consult the documentation from your IdP vendor.
Enter information into the following fields:
- Login URL – this will be a URL from your IdP that initiates the SAML login process
- X.509 Certificate – your IdP will provide you with this certificate, which is used to verify the digital signature on the SAML payload
- Entity ID – your IdP will provide you with this value
- “Force SSO login” – this field is optional. If you leave it unchecked, users will be able to log in either with their username/password or using SAML. If the box is checked, users will not be able to log in with username/password. We strongly recommend testing first with “Force SSO login” unchecked.
End User Experience
Once the JIRA SAML plugin is installed, users will see a new button on the login screens:
Clicking this button will start the SAML authentication process for the user. The user will be redirected to the pre-configured identity provider, authenticated and then redirected back to JIRA.
- The user must already exist in JIRA or authentication will fail. The SAML plugin uses the JIRA username as the subject. The IdP should be configured to return that value.
- If the “Force SSO Login” checkbox is enabled, the user will not see the “Username” or “Password” fields on the login screen.
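A pre-rollout check for the two requirements above (the user must already exist in JIRA, and the IdP must return the JIRA username as the subject), useful before ticking “Force SSO login”. This is an added example, not part of the plugin: `preflight`, `_sample` and all sample values are hypothetical, and it assumes the Entity ID field holds the IdP's issuer value and that you have captured a base64-encoded SAMLResponse from a test login.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}


def preflight(saml_response_b64, expected_issuer, jira_usernames):
    """List mismatches between one captured SAMLResponse and the JIRA setup.

    This does NOT verify the XML signature; it only checks that what the IdP
    sends lines up with the configured Entity ID and the JIRA user list.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # Refuse DTDs outright so entity-expansion input never reaches the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["response contains a DTD; refusing to parse"]
    assertion = ET.fromstring(xml_bytes).find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]

    problems = []
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:  # assumption: Entity ID == IdP issuer
        problems.append(f"Issuer {issuer!r} != configured Entity ID {expected_issuer!r}")
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="",
                                 namespaces=NS).strip()
    if not name_id:
        problems.append("Subject has no NameID")
    elif name_id not in jira_usernames:  # exact match (assumption)
        problems.append(f"NameID {name_id!r} is not an existing JIRA username")
    return problems


def _sample(issuer, name_id):
    """Build a constructed, unsigned response for demonstration only."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:Issuer>{issuer}</saml:Issuer>'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    users = {"asmith", "bjones"}               # constructed JIRA usernames
    idp = "https://idp.example.test/metadata"  # constructed Entity ID
    for nid in ("asmith", "asmith@example.test"):  # username vs. e-mail subject
        print(nid, "->", preflight(_sample(idp, nid), idp, users) or "OK")
```

An IdP that sends the e-mail address instead of the JIRA username shows up here as a NameID mismatch, which is the case that would lock users out once password login is disabled.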