• Type: Suggestion
    • Resolution: Fixed

      Atlassian Cloud SAML single sign-on

      SAML single sign-on is available as part of Identity Manager. More information about Identity Manager.
       
      Read up on how to configure SAML single sign-on for our Cloud products.
       
      Thanks for all of your feedback and discussion on this ticket. We'll continue to monitor and respond to it, as well as take on board your requests for future enhancements.
       
      We receive a lot of requests for new features and improvements, so if you'd like to better understand how we make roadmap decisions, please read: https://confluence.atlassian.com/display/DEV/Implementation+of+New+Features+Policy


            [ID-80] Support SAML integration with Cloud apps

            Daniel Ciarlette added a comment -

            I would hope they work on both SAML and Open ID. My project is a collaboration of many separate entities and I need to tie them all together. Hopefully we will have that in the future. We had to purchase the server based one and come up with a solution ourselves.......

            I would love to test an Atlassian built solution.

            Dan

            Vidar Kongsli added a comment -

            In this day and age, why head for a dated protocol like SAML and not the more modern Open ID Connect which is gaining traction?

            CWPS Engineering Subscriptions added a comment -

            If we were playing Texas hold 'em, your first question would be classified as "tell:" "Atlassian believes a single account for end users will foster lower friction collaboration within and between teams everywhere, and that this is a highly desirable concept for our customers."

            Ultimately, who controls the work that's produced is the question. If you're taking the GitHub approach (where individuals have their own GitHub usernames/passwords and are invited to join a particular company and collaborate on projects), that's one approach. Another approach is that the company that said individual joins is the IdP (Identity Provider), and once said individual leaves that company, (s)he leaves that identity (and work created with it) behind.

            Both approaches have their merits. The GitHub approach to identity management ensures that an increasingly mobile (cough millennial cough) workforce can retain their individual identities & side projects wherever they may roam. The "traditional" corporate approach all but guarantees (at least in the eyes of the employer) that "what's produced here stays here." When you leave the company, you forfeit your access to your identity and the work you produced while you were under their purview.

            I believe we're each entitled to our own opinions on who owns an individual's online identity as it pertains to collaboration tools, especially in the age of an increasingly mobile workforce.

            What's at issue here is how authorized individuals gain access to corporate data.

            If Atlassian is the Identity Provider (hereafter referred to as the IdP), and an individual's identity is "invited" to access corporate data, there are no restrictions on:

            • Two-factor authentication
            • Time-based access
            • Geography, conditional access, etc. (depending on the requirements of the SAML IdP)

            ...whereas, if the company is the IdP, they can dictate the above requirements by refusing to issue a SAML token to their repositories/wikis/etc. to a user who does not meet their security requirements. This should not be understated--it's important from a security POV.

            Furthermore, locking a user out of that company's directory would effectively prohibit access to said company's intellectual property by virtue of the fact that the company is the IdP. With so many disparate systems in use today, will 100% of admins remember 100% of the time to revoke an ex-employee's access to the company's repositories/wikis/etc. upon their departure?

            Not a sermon, just a thought... TM

            Hargeet Chani added a comment -

            I took the survey to mean what would I pay for a combined Jira license, Confluence license, and SAML, so I based my answers on that. Do we expect they were asking for costs of just the SAML feature?

            mdennis784526431 added a comment -

            I'm shocked that after such a looooong time of building this that they are now even considering it as a "Premium" offering. Yes, I get that they had to do a bunch of infrastructure work to enable this. BUT, these:
            • SAML 2.0 SSO Support
            • Custom Domains
            • 2FA Auth with optional SMS
            • Consolidated Billing
            are a core component of what any cloud offering in 2016 should have.

            It is NOT a premium thing at all, period!


            Shane Day added a comment -

            @anthony - absolutely - I got the same survey, and happily answered $0 for each of those.

            Why on EARTH would I pay MORE for a consolidated bill?!?!? Honestly!

            The reason I'd pay $0, and therefore wouldn't purchase those features, is that I expect those features from a SaaS offering. Also, I have no plans to extend my use of Atlassian Cloud, and in fact am actively migrating from it.

            Anthony Grutta added a comment -

            I was hoping for more free form text boxes where I could explain to them that this should not be a separate "premium tier" because after all THEIR SALES TEAM TOLD US THOSE EXACT FEATURES WOULD BE AVAILABLE SHORTLY WHEN WE FIRST BOUGHT INTO THE CLOUD VERSION.

            Jeff Hoover added a comment -

            I don't see any reason why I can't share what they sent me if they do truly value our feedback, unless the URL is unique to me. Give it a try:

            Hello,

            Your feedback has been instrumental in developing and improving JIRA and Confluence, and today we invite you to help us understand the value of our product.

            We believe pricing and value should not be a one-sided conversation, so please take a minute to answer our survey. We're excited to receive your feedback!

            https://www.surveygizmo.com/s3/2733520/Atlassian-0202

            Tracy Rhinehart added a comment -

            Yes - how do we get an invite to that survey??

            Anthony Grutta added a comment -

            I hope I get an invite, that would be so much fun

            Jeff Hoover added a comment -

            I was just invited to participate in a survey asking how much we would pay for "JIRA/Confluence Cloud Premium" with:

            • SAML 2.0 SSO Support: Configure SAML authentication via IdPs such as: Okta, OneLogin, Centrify, Ping etc. and any other providers that support SAML 2.0.
            • Custom Domains: Use a customer-provided domain, e.g. yourdomain.com for the Atlassian service.
            • Two Factor Authentication with SMS: Enhanced security multi-factor authentication with optional SMS validation.
            • Consolidated Billing: Manage all of your Atlassian services on a single bill.

            So, it seems as if this feature may be in the works, but Atlassian wants us to pay more for it by calling it a "Premium" feature.

            Daniel Ciarlette added a comment -

            Not all of us use Google Apps. SAML is needed badly.

            Jeff Hoover added a comment -

            There is a roundabout way to accomplish this now, but it only works for those companies who use Google Apps for Business. If your Atlassian Cloud instance is set to use Google Apps for authentication and your Google Apps is set to use something else, such as Azure AD or on premise ADFS, it will work. When you go to your Atlassian Cloud and click to sign in with Google, you will be redirected to your ADFS login page. Atlassian won't show up as an App in your Microsoft portal though since Microsoft won't know anything about it. I realize this isn't a feasible workaround for most people and certainly shouldn't be treated as a legitimate solution by Atlassian. Atlassian needs to allow their products to integrate directly, without having to use Google.

            Christy James added a comment -

            @nginge maybe you want to chime in here?

            Chase Abbott added a comment - - edited

            FYI: I spoke with Atlassian's Enterprise Product Managers last year about the inability to meet basic enterprise requirements, beyond SAML (Think CAIQ /Cloud Sec Alliance compliance). This was on the roadmap but those people have since moved on and Atlassian will not return our requests for account management follow ups so we're dropping their cloud platform from available infrastructure options for our corporate use.

            That's just the way it is. They'll still make money and we'll use another option. C'est la vie. Funny enough, Microsoft's "Planner" is getting more and more features so when it gains feature parity with Atlassian's JIRA Agile and Portfolio, it'll be a viable option for enterprises that require cloud security compliance.

            Markus Bühler added a comment -

            Same issue here - I have huge fights every few months to keep it up and running. Security is very important these days and managing accounts in multiple environments is just no option if your organization has more than 10 employees working with a tool. Using O365 accounts should be a no-brainer for an enterprise solution like Jira...

            In short: 2 years - nothing happened... time to get it done!

            Jean-Francois JURADO added a comment -

            It is really strange that this functionality is not present and prioritized in a SaaS solution such as JIRA ...
            So my security responsible refuses to let us use JIRA in SaaS.
            What a shame .....

            Anthony Grutta added a comment -

            I never thought I'd live to see the day but friends my Jira SAML issue may have already been solved. http://techcrunch.com/2016/06/06/microsoft-officially-launches-planner-its-trello-competitor/
            Microsoft already integrated SAML for us awhile back for Office 365 so now we have a solution to migrate off of Jira completely. I urge you all to do the same.

            Gerri Urban added a comment -

            It would be great if this was a SAML 2.0 universal solution so that it would work with other SSO providers like Okta too - right now I'm forced to look at google apps integration to see if that will work for us.

            Shane Day added a comment -

            @agrutta I have also previously offered to work with them on this topic. ID-79 was my request in hope of getting SOMETHING out of it after that went nowhere.

            I get the impression that this might be a renewed push for Atlassian Crowd. As if Enterprises want to base their identity strategy around a cloud suite of products for developer productivity.


            Anthony Grutta added a comment -

            I can believe this is what they went with, it is like they are completely missing the point and have completely disregarded the history of this issue.

            First this...
            "Consolidating the multiple user accounts that exist across the Atlassian cloud into a single account, profile and authentication technology - we refer to this as Atlassian account. Rolling out Atlassian account for all users and products allows us to establish a single identity for a given email address and simplify the identity management and authentication requirements for the end user. This also allows SSO for end users into all products and services they're authorised to access"

            This is 100% untrue, I personally provided code that demonstrated that SAML compatibility required no alteration of the "Atlassian account" or any internal authentication or authorization system. And I also demonstrated that this would not have to be implemented across all products, it could simply be an option isolated to an individual app and turned on by the administrator for use within the subdomain. I offered this code up to Atlassian and even asked to speak to the product owner, it fell on deaf ears.

            Next we have this little gem...
            "Establishing account ownership principles that allow administrators to assert a claim over users within their domain. We need to provide assurance to admins that user accounts they lay claim to can be administered only by them - including accounts managed via SAML. We implicitly have this today with user accounts being scoped to a given tenant, but the global uniqueness of Atlassian account means that we have to make this explicit"

            Seriously? You have no idea how SAML is implemented do you? Accounts don't have to be managed by SAML it can simply be used as a mechanism to authenticate that a user exists via the remote IDP, the authorization can then be handled by the Atlassian side of things which could also be further manipulated by clients using the REST API (for automation purposes).

            What even gets more frustrating...
            "Rolling out these pillars entails a significant amount of effort, and has been the focus of our team for some time. A lot of the foundation components happen under the covers which means that there's no immediately visible impact to users or administrators that we can share."

            I call BS! I offered to give you the code, I was willing to provide a demonstration, this would have been a PATCH!!!!

            Finally...
            "I hope our team will be able to share a more substantial update in the near future."

            Define near it's been since 2014, this is obviously not a priority and all this proves that when we started to voice our dissatisfaction via social media all of a sudden you took notice. It just shows we need to be louder!

            Christy James added a comment -

            @nginige how about even a broad ETA so we can plan how to run our businesses and decide if we need to pull out of cloud or wait for the solution? That response was just a lot of blah blah blah and tells us nothing different than what you did years ago. In fact, it was interesting that it came over the pipe as an edited version of essentially the same response as Nov 2015. It isn't a particularly compelling story if you can't supply any better information than that from 5 months ago. I'd interpret that as zero planning or progress.

            Fabian Valencia added a comment -

            It is great that Atlassian is working on this issue and explaining that it is a large effort helps. But the fact remains that not even Q3 2016 or Q2 2017 is thrown out. I wish I could do that at my company, we are working on your requests you will have your features some day. Why is it so hard to give some sort of target, not looking for an exact date?

            Shane Day added a comment -

            Agree with all the comments - perhaps SAML enabling ALL products would be the best way to deal with this? Insert your Atlassian Uniqueness ID in the SP layer. Problem solved.


            IT Admin added a comment -

            If an ETA is unrealistic, would it at least be possible to link the blocking tickets to this one so we can see the progress as those tickets get closed out?


            Scott Brown added a comment -

            Yadda, yadda, your call is important to us.... yadda, yadda, we value your business...

            Consolidating all Atlassian products to one account while noble, sounds like a large job (read: lengthy).
            Adding SAML support to existing Jira accounts, (even a temporary, unsupported Beta) could probably be knocked out in a couple of weeks. We've been waiting years for this, please don't make us wait more years.

            itsupport@nsamgroup.com added a comment -

            @Nuwan Thanks for the update, I appreciate knowing my voice is being heard. However this has been a very long-running issue as you note and your message is essentially the same as the previous message dated 19 November 2015 and, almost four months later, does not contain a "more substantial update" regarding ETA.

            Ben Christian added a comment -

            Nuwan Ginige, how about providing an ETA?

            Fabian Valencia added a comment -

            Michael
            The problem is not the user Sync. It is having a Single Sign On. Who needs one more password to store and control? Not to say that adding users via your technique is not helpful.

            Michael Hicks added a comment -

            I worked around this feature gap by writing a script that uses the JIRA API to get all active users and compares them against an internal Active Directory. Anyone not active in AD is deactivated in JIRA. It's not perfect, but it does the trick. Source code is shared on GitHub: https://github.com/katonahmike/jira-ldap-sync
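The reconciliation step described in the comment above, which also bears on the earlier question in this thread about admins remembering to revoke access, is shown here as an added example. It is not code from the linked repository or from Atlassian. The record shapes `JiraUser` and `DirectoryEntry`, the exemption list and the `max_fraction` guard are assumptions; fetching users from Jira and Active Directory is left out, and the sample data is constructed.

```python
"""Offboarding reconciliation over records that were already fetched.

Decides which active Jira accounts no longer map to an enabled directory
account. All names and data below are constructed for illustration.
"""
from dataclasses import dataclass

# Bit in Active Directory's userAccountControl that marks a disabled account.
ADS_UF_ACCOUNTDISABLE = 0x0002


@dataclass(frozen=True)
class JiraUser:            # hypothetical shape of a Jira user record
    name: str
    email: str
    active: bool


@dataclass(frozen=True)
class DirectoryEntry:      # hypothetical shape of an AD user record
    mail: str
    user_account_control: int


class ReconciliationAborted(Exception):
    """The plan looks like a failed directory query rather than real churn."""


def _norm(address):
    # E-mail is the join key here, so compare case-insensitively.
    return address.strip().lower()


def enabled_directory_mails(entries):
    """Addresses of directory accounts that exist and are not disabled."""
    return {
        _norm(e.mail)
        for e in entries
        if e.mail and not (e.user_account_control & ADS_UF_ACCOUNTDISABLE)
    }


def plan_deactivations(jira_users, directory_entries,
                       exempt=frozenset(), max_fraction=0.25):
    """Return sorted Jira account names that should be deactivated.

    exempt:       addresses never touched (service or break-glass accounts).
    max_fraction: abort if more than this share of active accounts would be
                  deactivated; an empty or partial directory result must not
                  lock everyone out.
    """
    enabled = enabled_directory_mails(directory_entries)
    skip = {_norm(a) for a in exempt}
    active = [u for u in jira_users if u.active]
    plan = sorted(
        u.name for u in active
        if _norm(u.email) not in enabled and _norm(u.email) not in skip
    )
    if active and len(plan) / len(active) > max_fraction:
        raise ReconciliationAborted(
            f"{len(plan)} of {len(active)} active accounts would be "
            f"deactivated; check the directory query before applying"
        )
    return plan


# Constructed sample data.
JIRA_USERS = [
    JiraUser("alice", "Alice@Example.test", True),
    JiraUser("bob", "bob@example.test", True),       # disabled in AD
    JiraUser("carol", "carol@example.test", True),
    JiraUser("dave", "dave@example.test", True),
    JiraUser("erin", "erin@example.test", True),     # removed from AD
    JiraUser("frank", "frank@example.test", False),  # already inactive
    JiraUser("grace", "grace@example.test", True),
    JiraUser("heidi", "heidi@example.test", True),
    JiraUser("ivan", "ivan@example.test", True),
    JiraUser("svc-ci", "ci-bot@example.test", True), # no AD account by design
]
DIRECTORY = [
    DirectoryEntry("alice@example.test", 512),    # normal account
    DirectoryEntry("bob@example.test", 514),      # 512 | ACCOUNTDISABLE
    DirectoryEntry("carol@example.test", 512),
    DirectoryEntry("dave@example.test", 512),
    DirectoryEntry("grace@example.test", 512),
    DirectoryEntry("heidi@example.test", 512),
    DirectoryEntry("ivan@example.test", 66048),   # normal, password never expires
]
EXEMPT = frozenset({"ci-bot@example.test"})

if __name__ == "__main__":
    print(plan_deactivations(JIRA_USERS, DIRECTORY, exempt=EXEMPT))
    try:
        plan_deactivations(JIRA_USERS, [], exempt=EXEMPT)
    except ReconciliationAborted as err:
        print("aborted:", err)
```

Run on a schedule, this closes the revocation gap only up to the next run, and only for accounts whose Jira e-mail matches the directory's `mail` attribute.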

            Ben Christian added a comment - I had the same thought. There's always the ultimate goal, the most ideal solution, but sometimes you need to put in a stop gap to deliver something high value, even if it temporarily deviates from that vision. It sounds like it will be 1-2 years before all the products share the same platform, whereas enabling SAML for individual platforms based on demand would be pretty straightforward and fill a massive void.

            Fabian Valencia added a comment - Also the more I think about it, why is consolidating all the products a higher priority than enabling SAML on JIRA Software? Then migrate all the products to use the same mechanism. Getting all JIRA users to have SAML activated seems like a pretty big win. Having other products use the same user base can happen right after.

            Christy James added a comment -

            I stated this earlier in the thread, but I did open a new CEO message last week. The response to it as of 2/24 from their support team was:
            "I have relayed your message to the appropriate parties to provide further insight into ID-80. You will be hearing from a Product Manager to provide you with an update on the status of the feature request."
            As of 3/3 no feedback to either this thread or the CEO support ticket CEO-2586.
            I hold out hope that eventually the product manager will reply to this string and the delay is due to them thoroughly evaluating the request to get us accurate information #optimist

            Andrew Doering added a comment -

            @Shane Day

            Nevermind then, I got an email today stating that there was something added to it, and thought it was the CEO link.

            The email came in around 12:09 PM from Elisa Diel [Atlassian], with the message: https://support.atlassian.com/browse/JST-185547

            So nevermind.

            Shane Day added a comment -

            @Andrew Doering - the CEO ticket has been linked for about a year. Don't hold your breath.

            Paul Alexander added a comment - We implore...

            Andrew Doering added a comment - So now there is a CEO ticket, but we are unable to see it... so I guess that is some headway.

            Patrick Paulino added a comment - Go retweet @Erik Segerstolpe tweet +1

            Scott Brown added a comment - The case for LDAP integration (https://jira.atlassian.com/browse/ID-79) was opened in 2009. That was 7 years ago and still nothing. Just setting some expectations for you all...

            Ben Christian added a comment - @john.colburn It looks great. We require a SaaS solution but we need SAML to support seamless SSO for users who are on-premises, as well as MFA for those who are mobile/remote. We are planning on storing sensitive information so we can't rely on only username/password for an internet facing platform.

            Anthony Grutta added a comment - John Colburn, Are you serious, maturing? In 2014 we were promised this, heck when we got it the rep told us "oh yeah SAML will be ready by the time you go live", that was YEARS ago now!

            John Colburn added a comment - @bchristian Confluence is great and if you have an organization that is scaled to a level over 2000 users or SAML is honestly and truly a must have feature for security or other reasons you're better off hosting yourself. It's a great product but the cloud versions are still maturing.

            Erik Segerstolpe added a comment - well I started with my part - and keep a positive attitude, more will happen then let's hope he replies

            Ben Christian added a comment - As a potential customer (not existing) it's good to hear everyone's feedback. I think I'll steer clear of using Confluence and keep looking. Thanks!

            IT Admin added a comment -

            @ehruska No idea. I would have guessed this ticket would be linked/blocked by other tickets that focus on shared user base.

            Takes a good amount of effort to do all the appropriate linking and Atlassian probably hasn't gotten around to it. Maybe they will link more issues to this ticket when they've made more progress and can see the light at the end of the tunnel.

            Shane Day added a comment -

            Guys, I've tried the CEO link, got no response. I've tried social media, got no response.

            I strongly suspect the CEOs are laughing all the way to the bank at present, and the existing user base is the least of their concern.

            Personally, I've had a gutful of serious usability, administrative or security issues being unaddressed, or in the case of Cross Product Search, regressed into being totally unusable. Everyone in our organisation hates using Atlassian Cloud these days. The only good thing I have to say is that the Atlassian Cloud support team are awesome.

            ewanh added a comment -

            @IT Admin in that case shouldn't they link what they are currently doing to this issue? They track everything via issues even internally. Why aren't those related issues linked to this one in order to avoid a distraught customer base?

            Steve Sabljak added a comment - Perhaps we make a concerted effort to publicly shame them on twitter on this issue? @atlassian #showmethesaml

            Anthony Grutta added a comment - Well then, if we are all in the same boat, and no one from Atlassian is listening here, I think we need to go bigger. Anyone game for some good old-fashioned "use the Internet as your megaphone"? I am sure between us all we have plenty of contacts to get this issue published on some sites of note.

            IT Admin added a comment -

            I doubt Atlassian has anything to add to this thread at this point.

            They laid out the plan to support SAML in the description of this ticket and it's hard to show on roadmap since it involves all their products going to a shared user base. The SAML enablement step that would come after the shared userbase is complete is, in comparison, easy.

            One thing I don't understand is why they can't work on introducing SAML for just cloud JIRA/Confluence since they already have a shared user base.. unless what's currently being worked on is actually a whole new way to manage users.

            Given the description on this ticket, I'd expect BitBucket to become part of the shared user base as a milestone before we see SAML.

            Would be nice to get a clear picture of a roadmap towards getting SAML. Even if it was a 6 month to 1 year timeline at least it would lay out what the remaining pieces are.

            ewanh added a comment -

            Also, I don't feel like anyone from Atlassian is monitoring this as:

            Assignee: Unassigned
            Reporter: dwierzbicka Dora Wierzbicka [Atlassian] (Inactive)

            ewanh added a comment -

            I see that this is still Verified and not In Progress. I would like to see that status change soon Atlassian. This is obviously a huge issue.

            Dennis Portello added a comment - It would be comical if it wasn't causing my org so much pain.

            Christy James added a comment - I agree. Clearly a key issue with a crazy lack of response for an enterprise level item. I took the initiative to push this thread into their "connect with the CEO" form which states it will be read. We should see soon if anyone at Atlassian cares about losing business during product evaluation and supporting their clients as their volume scales.

            Anthony Grutta added a comment - Is anyone from Atlassian even looking at this thread anymore? I mean this is getting seriously ridiculous.

            Ben Christian added a comment - I agree Nick. We haven't signed up for Confluence yet due to lack of SAML support, and like your company, we have a hard requirement for all new SaaS deployments to use SSO via our IDP. We recently migrated away from a SaaS platform that had no SAML support because they were unable to provide a roadmap for its implementation.

            Nick DeSimone added a comment -

            Sean Byrne,
            Unfortunately, I don't think the announcement about Atlassian using Splunk for their Ops/Security needs is going to translate into SAML support in their cloud products. Nicely done, reigniting this discussion though.

            Atlassian,
            I think you guys/gals should do a better job managing your customers' expectations with regard to timing. I know, in Agile, we don't want to commit to dates, and that's likely what's driving the silence (in addition to PMs not reading comments like this). However, as a customer, it's starting to feel like the only way we can communicate the importance of this feature is through lost sales opportunities and cancelled renewals.

            As a data point: We have a security product that ensures that SSO logins through our IdP may only be initiated from authorized devices (the device itself is the second factor). We have put a moratorium on all new services that can't support SAML through our IdP. At the moment, we're not applying this retroactively, but at some point we are going to start discarding services that can't help us meet our strategic security requirement. Atlassian, are you listening?

            Fabian Valencia added a comment - Matijs, we are in the same boat, we already own TFS and that is being pitched as an alternative (especially since we already pay for it). I really like JIRA much better. Hope this issue gets resolved sooner rather than later.

            Matijs Visser added a comment - It would be great if this is implemented, we really need this. On-premise is no option for us, and the number of user accounts is rising. Some voices in our company say we should look at solutions other than Jira Cloud.

            dennis dennis added a comment - I wouldn't hold your breath.

            SeanB added a comment -

            Hi,

            This was in the news the other day:

            http://www.splunk.com/view/atlassian-adopts-splunk-software-for-security/SP-CAAAPHT

            I'm wondering, in the light of this news article, will SAML integration happen since Splunk has SAML support:

            http://docs.splunk.com/Documentation/Splunk/6.3.3/Security/HowSAMLSSOworks

            Sean

            Christy James added a comment - We also really need to know when SAML is finally going to come to the Jira/Confluence SAAS Cloud. Basically we need to know if it is going to occur and when because managing our user base is just out of control without it. Only other option is to pull it out of the cloud and migrate backwards to a software install (highly undesirable).

            Fabian Valencia added a comment - It is February now, any updates on when is this coming? We are approaching end of February. We are looking to migrate to the Cloud version but it seems we are going backwards when we have to move away from SSO.

            Patrick Paulino added a comment - +1 we need this!

            Josh Higgins added a comment - +1 for SAML SSO for Jira cloud

            Paul Alexander added a comment - Nothing that we as a large body of endlessly waiting existing customers are aware of...the Nov '15 notice from Atlassian at the top of this ticket is unfortunately all we have to go on.

            Ben Christian added a comment - I'm evaluating various SaaS solutions for a wiki style documentation platform and I've found Confluence to be one of the best, but unfortunately the lack of SAML support is a show stopper. Do you have an ETA for SAML support? If it's unlikely that there will be SAML support within the next 3 months then I think we will need to continue our evaluation to focus on other products. We have rolled out a variety of SaaS products in the last 12 months using SAML with complete seamless SSO authentication and have a hard requirement for any new SaaS solutions to support it.

            ember3 added a comment -

            My Global F500 company has rolled out Box for 100,000 employees using SSO such that clicking on a link just takes you seamlessly to the folder. We're keen to see a similar solution in the Atlassian Cloud ecosystem. Perhaps a new product called "Crowd Cloud" could be developed with this enterprise-level SSO capability, configured in just one place - we could pay for that in addition to the regular Cloud apps.

            Jeremy Lloyd added a comment - Another vote for SAML from me for JIRA Cloud and Confluence.

            Anthony Grutta added a comment - Jonathan Richardson, we contemplated that direction too however it has a major flaw due to the way Google provisions accounts. Google essentially "takes over" your entire domain; this adversely affects any user who has already registered an account. Unfortunately for us that is a significant population. But what is interesting to note is that Atlassian supports Google login at all and yet claims to not support OAuth. I actually have this in writing from support, I sent copies to my mailing list of IT managers.

            Jonathan Richardson added a comment - We have sort of accomplished this by linking our business Google apps account to a SAML IdP - staff can then access Atlassian products with the google login button - a bit of a kludge and ridiculous that this is not core functionality though.

            Dennis Portello added a comment - Atlassian has stated they are working on it but will not give a timeline. I was planning to roll out JIRA company wide but quickly realized that it would be a complete mess without SSO. As far as I'm concerned, it's their loss.

            Anthony Grutta added a comment - Chris Kirby, I know your pain, this has completely stalled all of our plans. There is no addon that is compatible with the cloud version, frustrated our userbase, and our management. It is so bad we are now looking at migrating to other tools like Trello and Asana. Forget contacting Atlassian support about it, you would not believe the uppity response I received for something so simple. The funniest part, I actually have working code that could be retrofitted in and actually work, we even offered to give it to them. They refused, they would not even allow me to speak with the Product Manager.

            Dennis Portello added a comment - Nothing! You can use the on-prem version of the Atlassian tool suite, or Atlassian can point you to some other companies that can host it on your behalf with whatever plugin you want.

            Chris Kirby added a comment - Is anyone aware of an addon that could accomplish this? This is a big one for my team as well...this would be the only tool that we use out of dozens that does not support SAML SSO. This could completely stall our plans to move from the on prem version of JIRA to the cloud instance.

            Anthony Grutta added a comment - - edited

            12/26/15
            User contacted us via ticket system asking to migrate project from another Jira instance to our new Cloud based Jira instance. The import probably would not have been an issue, authentication and access complications due to lack of SAML support prevented us from moving forward.

            Anthony Grutta added a comment - 12/11/15: Spoke to peer in Texas about what we were using for our Agile projects. Similar to our situation he needs to be able to control the on-boarding and off-boarding of accounts for all his enterprise services. His situation was even more restrictive as his company audits these sorts of things. I advised him to avoid Atlassian Cloud apps altogether and go with something like Trello instead, they support SAML: http://techcrunch.com/2015/07/28/trello-launches-enterprise-service-with-single-sign-on-support-two-factor-authentication-and-more/.

            Anthony Grutta added a comment -

            As this is continuing to cause an issue at my organization, I am going to begin to record for posterity each event I am forced to endure due to Atlassian's inability to provide SAML integration with Cloud apps.

            12/09/15:
            Two different support team members had to explain twice to a user that Atlassian Jira Cloud does not support SAML and therefore we cannot roll it out to our user base. The client refused to believe the answer the first time and thus asked a different member of the team just to make sure. I provided the client with a link to this ticket and told them to let their peers know as well.

            Kevin Cressy added a comment - SAML for cloud, you know it makes sense!

            Paul Alexander added a comment -

            Don't forget to vote/watch this related issue where more comments seem to go;-|.
            ...waiting...still waiting...

            https://jira.atlassian.com/browse/ID-79

            Scott Roberts added a comment - It is amazingly arrogant that you would prioritize UI flourishes over enabling enterprise authentication. You are a corporate product, how can you not make this a priority? We have to secure our cloud infrastructure, and integrating with SAML allows us to enforce our own password policies and ensure that once an employee leaves, they are instantly shut off everywhere. The lack of progress across all Atlassian products (Bitbucket feature request log is ridiculous) on simple key corporate features has boggled my mind.

            Shane Day added a comment - https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=28923 https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=28624 https://www.atlassian.com/company/about/events/summit/2015/sessions/?session=31070 I assume these are all for on-premise? I'd love to see how they did it otherwise.

            Scott Brown added a comment - Still no SAML? Amateurs...

            Xerxes Mangapit added a comment - Oct. 27, 2015....still no signs of SAML Integration....

            Paul Alexander added a comment - @shane, absolutely do not want to vault credentials. I was surprised to hear their sales guy mention it was a perfectly viable option. Heck, SSL 3 is now compromised so we, and the industry, are buried trying to move to support TLS in the browser. It still feels like a product idea - to become a SAML provider for Atlassian. Interestingly, Atlassian requires knowledge of the old password before it will let you update your password...so a concept could be setting up a crazy long password when each user is provisioned in Atlassian, and allow that set of credentials to be used to login. There would be no support for a user to update his/her Atlassian account password. First, you could not do it if you were a hacker, and secondly, you would not need to do it since the grant would be authorized by this special provider...simpler today of course remains...where in the he|| is SAML support from Atlassian?

            Shane Day added a comment -

            Paul, I don't have experience as such with OneLogin, however you can use password vaulting with Azure AD or PingOne. OneLogin may support that. Not surprised OneLogin have been trying to get them to support this for a long time, but as you can see from the age of the linked issues, Atlassian seem to think that changing the admin interface every second week is more important than helping enterprise customers adopt their cloud offerings. I'm guessing CEO-1001 is the office of the CEO issue. I would dearly love to see what's going on there, especially as I wrote to the CEOs about a number of issues including this one and received no response.

            BTW, password vaulting is not a good idea.

            Paul Alexander added a comment - - edited

            Does anyone know if OneLogin has integration with Atlassian Cloud to get SSO? I found this 2012 clip showing how it's done with the old Jira Studio product.
            Update: I just spoke with their technical folks and they are just an identity provider. They have no means to act as a SAML provider for us with Atlassian Cloud. They mentioned OneLogin has been trying to get Atlassian to support this for a long time.

            Chris Kings-Lynne added a comment - We would like to adopt JIRA Cloud with Confluence and Service Desk across a 5,000 staff company and cannot due to the lack of SAML authentication...

            Anuradha Weeraman added a comment - Lack of this feature is a showstopper for enterprise customers.

            dennis dennis added a comment - Lack of SSO/SAML support is really preventing us from deploying JIRA and Confluence to a wider audience in my organization. Yes, I can self-host, and I've done that in the past, but I'd rather not manage one more server or set of servers either.

            lezbak added a comment -

            I would agree, you would expect that this would be a feature available.

            Deleted Account (Inactive) added a comment - - edited

            Unfortunately for us (and for Atlassian sales?) lack of SAML support in Cloud is a show-stopper. We simply can't manage thousands of users manually.

            I'm quite surprised this isn't a priority. Most enterprise SaaS apps support SAML SSO.

            ewanh added a comment -

            Why isn't this prioritized? Your Administration functionality is making us look elsewhere for a platform to manage our issues. Who is making the decisions over there?

            Deleted Account (Inactive) added a comment - AD/ADFS/SAML, etc. are the key technologies used by most large businesses for managing user accounts and single sign-on to cloud services. Without this feature we are forced to manage two distinct sets of user accounts, which is both time consuming and introduces unnecessary risk. Users also have an extra account they need to maintain and can't sign in seamlessly. All other cloud services we use support SAML/ADFS. This would be very beneficial for your cloud services.

            Paul Cooper added a comment - Not having SAML support really SUCKS. My security guys are moaning all the time about starters and leavers, SSO etc. This has been requested hundreds of times and I'm sure has lost Atlassian customers. I can't understand why they are just 'ignoring' everyone on this.

            rjunkins added a comment -

            Please change your stance on this and make it a higher priority. This is incredibly important to corporations trying to implement SSO and something that has become an industry standard among quality cloud service providers.

            Chase Abbott added a comment -

            Actually, I wish I could have more people vote because I was just approached by my BA team on my investigation into the cloud security supported by Jira Agile. My various PD teams want to move roughly 2,200 seats from on-prem to the cloud but after I told them no SAML, the project is now backlogged and now they're looking at other products... not because they want to, we all love JIRA, but the very basic enterprise security features are a non-negotiable requirement for our more sensitive IP.

            I think SOC1 also caused concern during our security review, as we do need heavily lean towards SOC2 certifications but 1/5th of our seats could've moved without this I think.

            Tony Gosselin added a comment - Another vote for SAML here. We're an on-premise customer who would love to use Service Desk for some specific situations not related to dev. Like Chase, we'll probably have to go with something like Zendesk or Freshdesk because this basic (for 2015) SaaS feature is missing.

            Shane Day added a comment -

            Chase, couldn't have put it better or not. I think they're content with the small team - and happy to lose enterprise to TFS/Visual Studio Online or equivalent.

            Chase Abbott added a comment -

            Our enterprise is now following suit with every other security-minded corporation and requiring SAML for cloud applications. I immediately had to cancel three disparate team-funded Jira Agile Cloud requests because this pretty-standardized feature doesn't exist. We now have to move forward with a lesser quality product simply due to this one feature set being missing from the Atlassian portfolio.

            Reading the feature policy, it doesn't seem to make much sense; you cannot monetize a single user up-vote but I can guarantee you're quietly losing a lot of money for not having basic security auth features we all require. My user upvote was worth 10k a year, another user upvote may cost Atlassian $150k (USD) but because a few small dev shops want some cute feature, their combined $3k a year subscription plan just lowered the priority on Atlassian's compliance into the cloud enterprise marketplace.

            Fix your policy please and get enterprise users this critical feature.

            iamSPARKS added a comment -

            I work for SafeNet as a SafeNet Authentication SME, and have had quite a few customers ask for support for JIRA OnDemand and have no 2-factor authentication solution for them since you don't support things like SAML for authentication.

            I am seeing this quite a lot now with cloud applications and JIRA OnDemand is definitely one of them.

              Unassigned
              dwierzbicka Dobroslawa Wierzbicka (Inactive)
              Votes: 473
              Watchers: 380
