Configuring SAML for Atlassian Cloud

REQUIRED ACCOUNT/PERMISSION LEVEL

Bitium: All account levels; must be an Admin to set up

Atlassian Cloud: Admin

In order to enable SAML single sign-on for Atlassian Cloud products you’ll need to set up Identity Manager. Learn more about Identity Manager.

In Atlassian Cloud:

  1. Navigate to Atlassian Site Administration > Organizations & Security > Your organization > Domains. You will need to verify a domain and be subscribed to Identity Manager before setting up SAML. This process may take as much as a day. Instructions can be found on the page.

    Verify your domain in Atlassian

  2. Once the domain is verified, go to the SAML single sign-on tab under Atlassian Site Administration > Organizations & Security > Your organization.

  3. Click Add SAML configuration.

Leave this window open and open a new tab in Bitium.

In Bitium:

  1. Go to “Manage Apps.”

  2. Select “Atlassian Cloud” from the list of installed apps.

  3. Select the “Single Sign-On” tab.

  4. From the dropdown, select “SAML Authentication.”

    Copy the values from Bitium and paste them into Atlassian

  5. Copy the Entity ID from Bitium. Paste this into the Identity provider Entity ID field in Atlassian.

  6. Copy the Login URL from Bitium. Paste this into the Identity provider SSO URL field in Atlassian.

  7. Copy the X.509 Certificate from Bitium. Paste this into the Public x509 certificate field in Atlassian.

  8. Click Save config in Atlassian.

  9. Click Save Changes in Bitium.

Notes: Users must have emails matching your verified domain in order to log in via SAML.
Atlassian does not support JIT provisioning at this time. Users will either need to exist in the Atlassian system, have an invite in the Atlassian system prior to logging in with SAML, or the admin for an organization will need to enable the “Self Sign Up” option under Site Administration > Site Settings. If this is the case, a user of the verified domain can log in through SAML and an account will be created for them.