This is a critical feature for my organization as well and looking like it may be a blocker for our move to cloud.

Cross linking this comment from this related ticket:
https://jira.atlassian.com/browse/ID-80?focusedCommentId=793224&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-793224

I wouldn't hold your breath! Atlassian's solution seems to be... host it yourself, go have one of our partners host it for you, or switch to Google Apps and use that for login.

I don't see why SSO support is such an issue especially when Atlassian already has a product like Crowd. I actually started expanding further in Atlassian Cloud and was about to implement JIRA Service Desk but realized it was going to become a management nightmare. I'll just keep the scope of the deployment limited to a few small groups in our org until Cloud can support SSO.

Would very much like to see this implemented - would be a fantastic enhancement.

Generally speaking we are advocates of Atlassian products but I cannot understand their apparent lack of direction when it comes to anything Enterprise. An issue like this that has been around for so long with so many votes surely warrants more than posting the regular spiel regarding product roadmap.

John, good luck with that. ID-79 and ID-80 you'd think would be essential for enterprise content and issue management systems. Apparently that isn't Atlassian's target audience.

The management of users in JIRA should be part of regular IT administration within ADFS instead of separate authentication mechanism. The ability to achieve SSO is becoming more important as everybody within the organisation now has access to JIRA/Confluence.

one of our contact will move away coz of that.

Looks like the discussion started Sept 2009. How come nothing happened yet on SSO integrtaion. It is high time SAML integration happen soon.

So if I buy another Atlassian product, I can get SSO with Atlassian products?

Bite the bullet and implement SAML2 or OpenID Connect. Now. It's already too late for a lot of customers.

We're under tremendous pressure to move web-based applications to the cloud, but without LDAP/AD integration, this is a non-starter for us. Although we've been loyal Jira/Confluence for more than 7 years, we may have no choice but to look at other options.

Hi Soulier, could you elaborate a bit?

We use Crowd and want to migrate our Confluence and JIRA to the Cloud, so how would we be able to keep user maintenance in Crowd?

I think this gets covered by using Crowd along with Confluence & JIRA Cloud, which then takes care of provisioning users from your AD into Atlassian, and then to SSO into your Cloud service.

Please consider to implement this feature.
It's 100% necessary if you need to manage your user accounts with single sign-on.

Please consider to implement this feature.
It's 100% necessary if you need to manage your user accounts with single sign-on.

Wow, 6 years and no LDAP. I'm strongly recommending my company to move off of Confluence. For an enterprise wiki, this is like feature #2 to implement. End rant.

Titu, you might be waiting a while. It's not priority, and hasn't been since 2009. Six years of waiting...

Looking forward to this feature.

This is extremely surprising and will prevent us from moving to the cloud version as well. We were ready to kick the project off... This is Cloud 101 for supporting an Enterprise as opposed to startups, can't believe that something like that is not taking a higher priority.

I am going to look into this organization to see what they can provide as a hosted solution (with perhaps an SSO option) at my price point as a Cloud user. This would get me integration with my AD and loads of marketplace goodies not available to the Cloud population. Maybe it's a non-starter, but I'm checking it out this week. If anyone has insight, please share.

http://www.contegix.com/products/managed-application-hosting-atlassian-jira/

This is a showstopper for using Confluence Cloud. I cannot believe that in this day and age a Cloud product cannot or will not integrate with investment in industry standards is very short sighted. Akin to Apple and the ultimate displacement by Android. I now cannot recommend your fantastic product

They should care, it's a matter of adoption. At this point I'm limiting access to 10 people, but I would like to give access to more than 100... Either I'll bite the bullet and self-host or or continue to limit it.

Personally I don't think they care. They have your money already.

this too will keep us from moving to the hosted version

how hard could it possibly be to implement SAML services for JIRA Cloud?

It's difficult to get mass adoption with Enterprise customers not having this feature enabled.

Major +1 vote to have this feature added.

Agreed... we won't move to cloud services without SAML support. As much as I would like to encourage the adoption of more bamboo, bitbucker, jira, hipchat for our employees... without basic authentication integration into our enterprise systems it is a deal breaker. Look up Cox Enterprises and make the business case.

Yes this is a prerequisite for any enterprise customer to consider Jira on-demand. We today buy cloud services and they offer this.

"Single sign-on with Myget? Why not! Have your users login using their Active Directory credentials. We integrate with ADFS and other WS-Federation-based authentication providers." example from myget.org for instance.

Providing this for Jira, will mean that we will consider other services in cloud aswell like confluence, bitbucket and hipchat. But without this there is no deal. Security standpoint here is very important, as well as ease of usage. Just moving my company here would give you the business case, so think this over one more time.

Only about 3 years behind the curve.

Great to see work is being done on this front - wrong service for us (we need something Active Directory can integrate via - e.g. Azure AD), but a step in the right direction.

Awesome, introduce new service just to use corporate accounts.
Maybe Atlassian will think about integrating with Azure AD.

So, those fortunate enough to be on Google Apps and (un)fortunate enough to have Windows Active Directory as the LDAP server will be able to close the gap using the Google Apps Password Sync.

That's strange - in incoming release JIRA will be integrated with Google Apps (https://confluence.atlassian.com/display/Cloud/22+March+2015+to+27+March+2015)....
Maybe LDAP will be next?

In the 6 years since the request it hasn't risen to be in any priority list.

Is there any chance that some work will be done to provide any solution that supports LDAP integration with cloud products?

Crazy decision and short sighted Such a great product but I'll struggle to get the further buy in for new products such as Portfolio and Service Desk without LDAP integration.

Dru, the last blog post on the Crowd website was in 2013. But yes, I agree.

I find this extra humorous given the existence of https://www.atlassian.com/software/crowd/overview

David/Bert, I suspect Atlassian don't give a fig about enterprise users. Their actions over the last few years demonstrate this clearly.

How is this still not a supported feature? How can you provide an "enterprise" Cloud\SaaS that can't integrate with the enterprise for their User Management. Please tell us that this is coming soon. Even if I have to subscribe to a Cloud based Crowd solution that I can then connect my Cloud based Jira and Confluence and anything else (Atlassian or otherwise) to. We currently run Jira, Confluence and Stash hosted in-house for 500+ users, but would really prefer them to be hosted by Atlassian in their Cloud for the high availability and continuos maintenance benefits that everyone expects from SaaS solutions these days. Having someone else host my Atlassian products in the Cloud on IaaS, even if they provide "managed application support", is not the same as Atlassian providing it directly in terms of meeting market expectations.

Today 12:30 PM
Hi David,
Unfortunately, LDAP integration is one of the Restricted Functions on Atlassian Cloud. There's a feature request as you can see on ID-79. You can vote and comment on it in order to increase its visibility.
Please let me know if there's something else I can assist you with
Thanks and regards,
Paula Silveira
Atlassian Support | Cloud
-----------------------------------
how many comments and votes do you need to get it working?

I think both might be needed - SAML is good for access, but in some cases you need to be able to provision users ahead of time. JIT provisioning doesn't suit every need. I do suspect that there is enough API to allow an enterprise to develop their own provisioning solution, however, so I would prefer more effort placed on SAML.

I agree, it needs to be a SAML solution. Anything else is really insecure. Syncing your passwords into the cloud is a really really bad idea. Most enterprises wouldn't allow it.

We pay for a cloud hosted product that should provide this functionality - paying extra is not an option - Atlassian need to provide appropriate tools or we need to find other tools that are more appropriate for running in 2014!

Hi everybody,
so Atlassian won't deliver this integration in the short term.

I am an independent developer. How much would you willing to pay me for the development and hosting of the following service:

• Enter JIRA Rest URL, admin username and admin password
• Enter LDAP URL, admin username and admin password, root node distinguish name (password need to be stored in plaintext)
• Enter scheduling interval

The service will synchronize the LDAP user tree with the JIRA user database in the given scheduling interval.

I would guess it would take me around 20 days to develop a basic version.

/Manuel

It might be better if all the effort on encouraging action on cloud authentication went on encouraging SAML integration, see https://jira.atlassian.com/browse/AOD-7183.
Use of LDAP over public internet connections is not a great solution whereas SAML 2.0 is designed to do that.
We are desperate for something Atlassian - suggesting we run on premise suggests you are not confident in your ability to run cloud solutions - if this is the case you should withdraw the service.

It's also never forced anyone to change passwords due to age...

People want OnDemand because it is cheap and convenient and does almost everything that they want it to do, hiring another company to manage the on-premise solution can literally cost hundreds of thousands of dollars over a multi-year period... @ Brad Shulz, yes and OnDemand still doesn't enforce password strength either...

Software is one of the most valuable and important assets a company has these days. Unbelievable that Atlassian isn't even working on security - arrogant enough to believe that their system, with no SSO, and insufficient tools to effectively manage larger numbers of users, is secure.

Zendesk support both JWT and SAML: https://support.zendesk.com/hc/en-us/articles/203663826-Single-sign-on-SSO-options-in-Zendesk#topic_ftf_knm_yj

It's really disappointing, I am going through a tech. solutions analysis for a client right now and including Atlassian...honestly I was totally surprised when I saw that this was still lurking around. I remember seeing this talked about maybe 3 years ago...thought it would of been implemented by now. Guess not!

I along with a lot of other people are really disappointed in Atlassian and I will no longer be evangelising their products. I'm mean really, 5 years and 200+ votes and it's not on their radar. It's really quite laughable.

A lot could of happened in 5 years, LDAP should of been one of them...

@Kimmo - I wouldn't hold your breath. 5 years is a doddle waiting for features. Sometimes regression issues take longer to resolve.

This is also a barrier for us using Service Desk or Jira more extensively in our organization. Without this capability, Jira will remain a small PM tool rather than a systemic issue tracking system. Please add this feature ASAP.

We need this feature as well, must be soon coming as been cooking so long

Bye bye Jira... Welcome Zendesk...

How is this ticket 5 years old. There is a huge need for this - please reevaluate the integration with this feature...

Brad, unfortunately we're doing the same thing. The only thing I can't figure out is client facing solution support, but then my customers can't figure out JIRA OnDemand either, and HelpDesk OnDemand just doesn't have the flexibility to work.

Report back here to let us know what you find. I'm talking to Microsoft to get pricing for cloud-based TFS. Better at some things, not as flexible with other things, but it looks like they have the simple things right. I'll probably move away from Bitbucket while I'm at it.

Yep. Tired of managing an on-site instance of Confluence. Have been waiting for something similar to this feature so can move to On-Demand. Been a customer for many years. Time to look for another solution and take my $$$$$ elsewhere.

I about threw up yesterday when I saw the message notification from yesterday...I don't have a leg to stand on when it comes to convincing other departments and divisions to use Atlassian within my org of 3,000. Atop this basic need, I can't even get powerful add-ons in the marketplace because of my decoupled SaaS instance. Sucks.

Atlassian used to be such a leader, but now it appears to be falling way behind. Seriously, SAML and LDAP integration isn't even difficult.

The user banding levels on OnDemand show an intent to target larger organisations than just start ups. I concur, Jason, the more my business grows the harder this mess gets to manage and the more my users give up on it, and the more I give up on it. SharePoint Online from Office 365 has de facto taken over a lot of what we used Confluence for, and you know what? It IS easier for my end users, and it's actually easier for me to administer. I feel like burning my keyboard after typing that, but it's a changing world!

It appears that Atlassian is focusing on individuals and small companies. The problem for the medium to large companies is that none of the Atlassian products have effective management of large amounts of data, particularly relating to administration. The more I use the Atlassian tool chain as an administrator, the more disappointed I am. This is just another example of how Atlassian is failing to standup.

Exactly - in today's age of SaaS computing, what modern enterprise system does not have integration with LDAP? Atlassian - this is unacceptable and quite embarrassing for you. Tells me there is some serious flaw with your architecture that your engineers are unable to solve.

Might be time to look at other tools. The cloud-based TFS is coming along now that they are general release. Time to take a fresh look at the marketplace.

I assume this means that effort is instead going into finding new ways to make people buy things from the Marketplace, or confusing end users with banner messages about "Try our new feature!"

God forbid you'd want to make Atlassian OnDemand EASY for Enterprises to adopt and maintain!

Kevin, be patient, the issue was only created 5 years ago!

What is the status of this feature? It appears to be stuck on Accepted, but with no real progress

Daniel, Atlassian don't appear serious about doing anything that would allow enterprises to use their stack. This issue, the stupid rounded logos issue, the inability to fix the integrated search function - it's regressed and Atlassian aren't keeping up with my companies growth. They don't even bother contacting you when you show public dissent or contact the CEO's office saying you are going to move your business elsewhere. My advice - don't bother.

Is Atlassian serious about solving this problem, and if so, what is the projected timeline? My company really wanted to use ondemand, but not being able to use our existing LDAP authentication is a major roadblock with our IT department.

@Paul Alexander this is correct. Therefore I am recommending to Atlassian to just buy the whole company and integrate the module by default. Buying might be cheaper than producing.

@ Manuel Blechschmidt: That SSO plugin only appears compatible with local installations (not atlassian on-demand)...

I've created a separate request regarding SAML support: AOD-7183

There is already a SAML 2.0 implementation in JIRA marketplace:

https://marketplace.atlassian.com/plugins/com.resolution.atlasplugins.samlsso

@Atlassian: Just buy the whole company (resolution Reichert Network Solutions GmbH) and make it a default plugin in JIRA

When will this be released to the public?

Yes please...would love an update from Atlassian on this...SAML 2.0 is my target as well.

Any ETA on when this will be implemented? This has been requested non stop for a long time.
SAML 2.0 specially.

me too!

We would like to remember only one password: the user AD account/password.

thx

We are a small company, but this would help particularly for those people who only use the system occasionally; remembering another login is just a pain for them.

+1 here would love to see ldap integration. We are currently an OnDemand customer as our business has grown having to maintain 2 different user sets has become a task.

We are would also be interested in moving to onDemand but lack of SAML 2 support is an problem for us as we cannot integrate with our identity management solution

Our organization is contemplating moving to OnDemand, but the inability to centralize user management is making it incredibly difficult for us to recommend moving out of self-hosted.

We have multiple Google Auth domains within the same account, and only the primary domain is supported so we cannot have two factor authentication for these accounts. We also have external contractors who require access and without SAML (or buying a Google apps account) we cannot facilitate their access.

We love OnDemand but are frustrated that we have to maintain different userid's and passwords - hooking in to an existing SAML idp would be fantastic - without this there is no way we can scale our use and ODemand will remain a minority app

We are using Office365. It would be awsome to see SAML support to create a federation.

http://technet.microsoft.com/en-us/library/adfs2-step-by-step-guides(v=ws.10).aspx

outlook.office365.com

Unfortunately, we will have to drop our Atlassian OnDemand service in 2014 without this functionality. I'd like to get a sense of the implementation timeline for this.

SAML, LDAP, or integration with AD would all be options we'd consider.

We're doing a PoC of the On Demand product and the ability to centrally authenticate users is a must have. Ideally, this would be through SAML. I'd be happy to "manually" create/remove users as along as there is an API through which I can automate this, but we'd need to be able to use our email addresses and central password store.

Would love to be able to integrate this with Azure Active Directory!

As we need the LDAP integration with OnDemand, I would be willing to be beta tester.

This one have 83 votes now! How many votes Atlassian need to prioritize this functionality? This is indeed crucial for us too.

I wanted to consolidate my wiki and jira together with 500 users, but I can't even consider this route because of no SAML support. Please reconsider to put this back on.

We would use either LDAP or SAML if offered

SAML

SAML

A solution similar to Google Apps Active Driectory Sync and Google Apps Password Sync would be what we're looking for. Having OnDemand access our LDAP directly would not fly for us. We'd need to push accounts and password hashes into On Demand on a scheduled basis.

For larger demands, you're better off partnering with an Expert vendor. Still would like to see some effort towards SAML, like Zendesk and other like-minded cloud vendors offer.

Please provide an LDAP solution. It can't be that hard to create a read only AD connector can it?
Now more and more users migrating to OnDemand, this is a feature you just can't do without.

Fons

I recently worked with a 12,000 seat company that was planning to utilize Confluence onDemand. The lack of LDAP or SAML required us to look at hosting externally or internally.

We eventually went with an internally hosted Confluence instance.

Didn't actually expect to get responses to my question regarding the size of organizations. However, since there are responses, I'll report as well. I work for IHG, Inc., the parent company for a number of hotel chains, such as Holiday Inn and Intercontinental. We have about 2000 people, in the US, that I could see using Atlassian products, and more than this if we applied this globally. Not very large, compared to some, but large enough to where managing accounts effectively is challenging if it needs to be done in multiple places.