Configuring SAML for Atlassian Cloud
REQUIRED ACCOUNT/PERMISSION LEVEL
Bitium: All account levels; must be an Admin to set up
Atlassian Cloud: Admin
In order to enable SAML single sign-on for Atlassian Cloud products you’ll need to set up Identity Manager. Learn more about Identity Manager.
In Atlassian Cloud:
Navigate to Atlassian Site Administration > Organizations & Security > Your organization > Domains. You will need to verify a domain and be subscribed to Identity Manager before setting up SAML. This process may take as much as a day. Instructions can be found on the page.
Once the domain is verified, go to the SAML single sign-on tab under Atlassian Site Administration > Organizations & Security > Your organization.
Click Add SAML configuration.
Leave this window open and open a new tab in Bitium.
Go to “Manage Apps.”
Select “Atlassian Cloud” from the list of installed apps.
Select the “Single Sign-On” tab.
From the dropdown, select “SAML Authentication.”
Copy the Entity ID from Bitium. Paste this into the Identity provider Entity ID field in Atlassian.
Copy the Login URL from Bitium. Paste this into the Identity provider SSO URL field in Atlassian.
Copy the X.509 Certificate from Bitium. Paste this into the Public x509 certificate field in Atlassian.
Click Save config in Atlassian.
Click Save Changes in Bitium.
Notes: Users must have emails matching your verified domain in order to log in via SAML.
Atlassian does not support JIT provisioning at this time. Users will either need to exist in the Atlassian system, have an invite in the Atlassian system prior to logging in with SAML, or the admin for an organization will need to enable the “Self Sign Up” option under Site Administration > Site Settings. If this is the case, a user of the verified domain can log in through SAML and an account will be created for them.