Azure AD as IDP

Step 1: Setup Azure AD as Identity Provider

    Single Sign On into JIRA using AzureAD, AzureAD SSO Login-1 Prerequisites:

    Copy these values from the Service Provider Info tab of the SAML plugin.

    • SP Entity ID
    • ACS URL

    Single Sign On into JIRA using AzureAD, AzureAD SSO Login-2 Instructions:

    Note: Enterprise app configuration is the recommended option for SAML . If you do not have Azure subscription or using free account please setup App Registration Configuration.

Azure AD setup through App Registrations

  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ App Registrations. Click on New Application Registration.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-3
  • Assign a Name and choose the account type. In the Redirect URI field, provide the ACS URL provided in Service Provider Info tab of the plugin and click on Register button.
    •       Single Sign On into JIRA using AzureAD, AzureAD SSO Login-4
  • Now, navigate to Expose an API menu option and click the Set button and replace the APPLICATION ID URI with the plugin's SP Entity ID

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-5
  • By default, the some Attributes will be sent in the SAML token.If you're not getting group information.Then, add Token configuration for Group information.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-8
  • Add Groups claim
    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-9
  • Go back to Azure Active Directory ⇒ App Registrations window and click on Endpoints link.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-6
  • This will open up a window with multiple URLs listed there. Copy the Federation Metadata Document URL. This will be required while configuring the SAML plugin.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-7

Azure AD setup through Enterprise Applications

  • Log in to Azure AD Portal

  • Select ⇒ and Azure Active Directory ⇒ Enterprise Applications.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-6
  • Click on New Application.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-7
  • Click on Non-gallery application section and enter the name for your app and click on Add button.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-9
  • Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-10
  • Edit the option 1 :Basic SAML Configuration to configure plugin endpoints.
  • Enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Info tab of the plugin.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-11
  • Click on Save icon.
    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-12
  • By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the User Attributes & Claims tab.
  • You can add attribute using Add new claim
    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-14
  • You can add group attribute claim using Add a group claim
    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-14
  • Copy App Federation Metadata Url from setup tab.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-13
  • Click on User and groups from the applications left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.

    • Single Sign On into JIRA using AzureAD, AzureAD SSO Login-14