Step by Step Guides for Confluence Single Sign-On (SSO) using SAML

miniOrange SAML Single Sign On (SSO) For Confluence allows users sign in to Confluence Server with your SAML 2.0 capable Identity Provider. SAML Single Sign on (SSO) acts as a SAML 2.0 Service Provider and securely authenticate users with your SAML 2.0 Identity Provider.

Here are the Step by Step Guides for different Identity Providers for Confluence

IDP Links
ADFS Click Here
Azure AD Click Here
Bitium Click Here
Centrify Click Here
G Suite Click Here
Jboss Keycloak Click Here
Okta Click Here
OneLogin Click Here
Salesforce Click Here

Step 1: Download and installation

  • Login as administrator in Confluence.
  • Click the admin dropdown and choose Add-ons.
  • The Manage add-ons screen loads.
  • Click Find new add-ons from the left-hand side of the page.
  • Locate SAML Single Sign On for Confluence via search.
  • Results include add-on versions compatible with your Confluence instance.
  • Click Install to download the add-on.
  • Unable to load Image

Step 2: Configure the IDP

  • Using IdP information user could add details in Configure SP.
  • Provide the required settings (i.e. IdP Entity ID, IdP Single SignOn Service Url, X.509 certificate) in the plugin and save it.
  • FOR EXAMPLE
    IdP Entity Id https://auth.miniorange.com/moas
    Single Sign On URL https://auth.miniorange.com/moas/idp/samlsso
    Single Logout URL https://auth.miniorange.com/moas/idp/samllogout
    Identity Provider Certificate Upload the certificate downloaded from miniOrange Admin Console
    Unable to load Image

Step 3: Test Configuration

  • Click on the Test Configuration button to perform SSO and fetch user attributes from IdP.
  • The below screenshot shows the successful result.
  • This screenshot shows the attributes that are received and are mapped by attribute mapping.
  • Unable to load Image

Step 4: Setup IDP to send user attributes

  • Configure your IDP to send SAML attributes in SAML Response when the user logs in. These attributes will be mapped to the user. Each IDP has a different way of setting this up, contact the IDP or click on Support to help you out.

Step 5: Attribute Mapping

  • Attribute Mapping helps you to get user attributes from your IdP and map them to Confluence user attributes.
  • Please refer to attributes received in successful Test congiguration and use them for Attribute Mapping.
  • In Attribute Mapping, Details like username and NameID as shown in step 4 of Test Successful are mapped to Username and Email respectively.
  • Also Full Name or Separate Name(i.e First and Last Name)attributes are given as options according to Confluence user attributes.
  • While auto registering the users, these attributes will automatically get mapped to your Confluence user details.
  • Clicking Keep Existing User Attributes checkbox will disable attribute mapping for existing users. New users will be created with attribute mapping defined.
  • Unable to load Image

Step 6: Group mapping (optional)

  • Confluence plugin assigns roles to groups which are mapped against those Confluence groups.
  • Confluence uses a concept of Groups, designed to give the site owner the ability to control what groups can and cannot do within the site.
  • In Role Attribute, enter the Attribute Name given against role value of Test Configuration for the user.
  • Clicking Create Users checkbox will allow user creation for only those roles whose role is mapped to Confluence groups in Role Mapping tab. If unchecked, users whose roles are not mapped to Confluence groups, they will not be allowed to login.
  • Confluence has two pre-defined groups where users are mapped: Confluence-administrator and Confluence-servicedesk-users.
  • Role mapping helps you to assign specific roles to users of a Confluence group from your IdP.
  • Unable to load image

Step 7: SSO Sign In Settings

There are different ways to login to your Atlassian Confluence Website

  • Login Button Text make your organization's SSO easy for Confluence users to recognize.
  • You also have option to disable your Confluence login by clicking Disable Confluence Login checkbox. If your Confluence Login is disabled all users will be redirected to IdP for login.
  • Enable backdoor checkbox allows Administrators to bypass external authentication and log in with a Confluence administrator using user name annd password. Note: A logged-in user cannot access this page only a logged out user can.
  • Unable to load image
For Further Details Refer :
https://marketplace.atlassian.com/plugins/com.miniorange.sso.saml.confluence-sso/server/overview

Business Trial For Free

If you don't find what you are looking for, please contact us at info@miniorange.com or call us at +1 978 658 9387 to find an answer to your question about Atlassian Single Sign On (SSO).

Watch the videos to learn more  Watch Demo