


      NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion.

      Our organisation uses ADFS for single sign-on. Recently we integrated with the Jive platform to enable single sign-on; however, I've been advised by Atlassian that ADFS is not supported.

      When will ADFS integration be supported for JIRA On Demand (Cloud)?

            [ACCESS-597] ADFS support for single sign on please!

            Narmada Jayasankar added a comment - Status Update: SAML SSO with ADFS is now supported! https://confluence.atlassian.com/cloud/configure-saml-single-sign-on-with-active-directory-federation-services-ad-fs-975020616.html

            Alex van Vucht (GLiNTECH) added a comment -

            As an unsupported provider, users may have difficulty configuring ADFS to work with Atlassian Access. Here's what I found to work in a recent engagement on configuring ADFS:

            1. You should export the ADFS token signing certificate to be the X.509 certificate for Atlassian Access.
            2. You may have to pull the rest of the information for Atlassian Access from the FederationMetadata.xml file.
            3. Don't set up an Encryption certificate in ADFS' relying party trust.
            4. Use SHA-256 instead of SHA-1.
            5. In issuing claims, you need 2 rules:
              1. First rule sources from Active Directory and issues these claims:
                1. Given Name
                2. Surname
                3. SAM-Account-Name as UPN or Name
                4. Email-Addresses as Email-Address
              2. The second rule is a custom rule that transforms the Email-Address claim to a NameID claim:

            c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
             => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
                      Issuer = c.Issuer,
                      OriginalIssuer = c.OriginalIssuer,
                      Value = c.Value,
                      ValueType = c.ValueType,
                      Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                      Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "<Insert Atlassian Access 'SP Entity ID'>");

            This will enable users to log in via ADFS SSO, and optionally, just-in-time user provisioning. You will still need to manage user provisioning manually or write your own code to use the Atlassian Access User Provisioning API (https://developer.atlassian.com/cloud/admin/user-provisioning/rest/).
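
            Steps 1 and 2 of the comment above, as an added example that is not part of the original comment or of Atlassian's documentation: a Python sketch that reads FederationMetadata.xml and returns the IdP entity ID, the SSO endpoint and only the token-signing certificate (never the encryption one), with a SHA-256 fingerprint to compare against the certificate exported from ADFS. The function name `idp_settings`, the host `adfs.example.test`, the choice of the HTTP-POST endpoint and the sample metadata are assumptions made for illustration.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def idp_settings(metadata_xml):
    """Entity ID, HTTP-POST SSO URL and signing certs from trusted IdP metadata."""
    root = ET.fromstring(metadata_xml)  # assumes a file from your own AD FS server
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # the encryption key is not the token-signing certificate
        for node in kd.findall(".//ds:X509Certificate", NS):
            b64 = "".join((node.text or "").split())  # metadata may wrap lines
            der = base64.b64decode(b64, validate=True)
            pem = ("-----BEGIN CERTIFICATE-----\n" + textwrap.fill(b64, 64)
                   + "\n-----END CERTIFICATE-----\n")
            certs.append({"sha256": hashlib.sha256(der).hexdigest(), "pem": pem})
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == POST]
    if not certs or not sso:
        raise ValueError("metadata lacks a signing certificate or POST endpoint")
    # Several signing certs can mean a certificate rollover is in progress:
    # compare fingerprints with the certificate exported from AD FS first.
    return {"entity_id": root.get("entityID"), "sso_url": sso[0],
            "signing_certs": certs}

# Constructed sample, trimmed to the elements read above. The certificate
# bodies are placeholder bytes, not real X.509 certificates.
SIGNING_DER, ENCRYPTION_DER = b"constructed-signing-bytes", b"constructed-encryption-bytes"
def _key(use, der):
    b64 = base64.b64encode(der).decode()
    return (f'<KeyDescriptor use="{use}"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>'
            f'\n  {b64[:8]}\n  {b64[8:]}\n</ds:X509Certificate></ds:X509Data>'
            f'</ds:KeyInfo></KeyDescriptor>')
SAMPLE = (f'<EntityDescriptor xmlns="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
          'entityID="http://adfs.example.test/adfs/services/trust"><IDPSSODescriptor '
          'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
          + _key("encryption", ENCRYPTION_DER) + _key("signing", SIGNING_DER)
          + '<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
          'Location="https://adfs.example.test/adfs/ls/redirect"/>'
          f'<SingleSignOnService Binding="{POST}" Location="https://adfs.example.test/adfs/ls/"/>'
          '</IDPSSODescriptor></EntityDescriptor>')
print(idp_settings(SAMPLE)["sso_url"])
```

            For a real file, pass the contents of FederationMetadata.xml read as bytes to `idp_settings`.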

            lingbo (Inactive) added a comment -

            Hi all,

            Thanks for your interest in setting up Active Directory Federation Services (ADFS) with Atlassian cloud for SAML Single Sign-On. To help us prioritize this request, we'd love to understand your situation in relation to ADFS better.

            Please take 1-2 minutes to fill out this quick survey: https://goo.gl/forms/LIyybVoWPGqpNmsg2

            Cheers!

            Lingbo

            Matt Stratford added a comment - Hi there, just a note on why I up-voted this. We have a variety of information stores that we would like to integrate together. We use Zapier to accomplish this. We are not able to integrate Confluence into this because ADFS single sign on is not supported. So… we would like it supported so that we can start consolidating from different sources automatically into the project in Confluence! Thanks

            Justin added a comment -

            @Benn

            As you learned, this is not yet available on OnDemand, but it is possible with the JIRA server product (and you can get managed hosting, which is like-OnDemand).

            For ADFS single sign-on with JIRA, see this solution that AppFusions has been deploying for over 3 yrs.

            Kerberos SSO Authenticator for AD & Atlassian Servers

            In addition, Immersive for Atlassian JIRA 5.X, 6.X+ integration, in Jive is supported with Jive 7+ and above (jiveon cloud, Jive hosted, Jive on-premise).

            Also supported is:

            • Confluence 5.X+
            • Stash 3.X+
            • Bamboo 5.5+
            • FishEye 3.5+

            Some latest videos:

            Subscribe to appfusions youtube channel for latest...

            For more info and feature review: http://www.appfusions.com/display/JRA2JV/Home
            For evals/deployments: email info@appfusions.com


              njayasankar@atlassian.com Narmada Jayasankar
              Benn Wheeler