Azure AD as IDP

Step 1: Setup Azure AD as Identity Provider

    Prerequisites:

    Copy these values from the Service Provider Info tab of the SAML plugin.

    • SP Entity ID
    • ACS URL

    Instructions:

  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ App Registrations. Click on New Application Registration.

  • Assign a Name and choose the account type. In the Redirect URI field, enter the ACS URL from the Service Provider Info tab of the plugin and click on the Register button.
  • Now, navigate to the Expose an API menu option, click the Set button and replace the APPLICATION ID URI with the plugin's SP Entity ID.

  • Go back to the Azure Active Directory ⇒ App Registrations window and click on the Endpoints link.

  • This will open up a window with multiple URLs listed there. Copy the Federation Metadata Document URL. This will be required while configuring the SAML plugin.

  • Log in to Azure AD Portal

  • Select Azure Active Directory ⇒ Enterprise Applications.

  • Click on New Application.

  • Click on the Non-gallery application section, enter the name for your app and click on the Add button.

  • Click on Single sign-on from the application's left-hand navigation menu. The next screen presents the options for configuring single sign-on. Click on SAML.

  • Edit option 1, Basic SAML Configuration, to configure the plugin endpoints.
  • Enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider Info tab of the plugin.

  • Click on the Save icon.
  • By default, the following Attributes will be sent in the SAML token. You can view or edit the claims sent in the SAML token to the application under the User Attributes & Claims tab.
  • You can add an attribute using Add new claim.
  • Copy the App Federation Metadata Url from the setup tab.

  • Click on User and groups from the application's left-hand navigation menu. The next screen presents the options for assigning the users/groups to the application.
