As a Crowd administrator, I would like to use OKTA SSO (SAML) for my Atlassian applications, however, my idea is to have only Crowd integration with OKTA and acting as a bridge app in between OKTA and Jira/Confluence/Bitbucket. This means that if an unauthenticated user logs to Confluence, Confluence sends an authentication request to Crowd and Crowd talks to OKTA to get the SAML Authentication done.
- User tries to access Confluence/Jira.
- They reach Crowd Logon page.
- They insert their user and password which is authenticated against the information in OKTA.
- OKTA sends the confirmation to Crowd.
- Crowd redirects to the application being requested.
Each application needs to be SAML Versed in order for them to be able to integrate with Okta. The way we establish this is by either using the Connectors provided by Okta (available for Jira and Confluence only) or through third party plugins provided by vendors such as Mini Orange(e.g).
Once that's done, we integrate those applications with Okta with the aid of those plugins as well. At this point, the applications will know that login requests should go to Okta to be processed and will also know how to read a SAML response accordingly.
The scenario explained above seems ambiguous, since both Crowd and Okta in their scenario seem to have the same or very similar proposal which is to act as the IdP. However, even though this is similar, it can be important for some organizations or companies.