• Suggestion
    • Resolution: Fixed
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Atlassian Cloud SAML single sign-on

      SAML single sign-on is available as part of Identity Manager. More information about Identity Manager.
       
      Read up on how to configure SAML single sign-on for our Cloud products.
       
      Thanks for all of your feedback and discussion on this ticket. We'll continue to monitor and respond to it, as well as take on board your requests for future enhancements.
       
      We receive a lot of requests for new features and improvements, so if you'd like to better understand how we make roadmap decisions, please read: https://confluence.atlassian.com/display/DEV/Implementation+of+New+Features+Policy


            [ID-80] Support SAML integration with Cloud apps

            Chris Peterson added a comment -

            Nice to see the beta starting up, now let's hope that they do the same for LDAP, then my company would be able to seriously consider Atlassian Cloud apps.

            Daniel Brito [Atlassian] added a comment -

            Hi thomas.hadig, just passing by to find out if you were able to catch this update of the private beta for SAML?

            In case you missed it, please fill out the form in order to participate.

            -------------------

            Best Regards!

            Daniel Brito | Atlassian Cloud Support

            MFB (Inactive) added a comment -

            Please feel free to register to take part in our SAML Private Beta as mentioned in the update at the top of this issue. We would welcome feedback on the feature and the process to enable SAML for your Atlassian sites.

            Léon Tebbens added a comment - - edited

            We are now investigating alternatives for Jira, Asana and Phabricator.

            Paul Cooper added a comment -

            I wouldn't hold your breath... I've been waiting 5 years for this. Unlikely to happen anytime soon I suspect. There are other decent hosted tools that are equal to Confluence and JIRA.. (Asana et al).

            Scott Brown added a comment -

            From Wikipedia: "Atlassian also began a now-popular tradition at software companies where software developers can spend 24 hours tackling any problem they like four times per year. Atlassian calls these ShipIt Days".

            So even if Atlassian Management don't care about their customers, it's clear the developers don't either or this would be fixed by now. JIRA is the Flagship product for Atlassian, and along with issue ID-79 for LDAP integration which has been open for 6 years this one is stinking up the place.

            dportello added a comment -

            I'm very familiar with Crowd and have used it in the past, sadly it does not help... as you've noticed.


            The Brand Agency added a comment -

            @Dennis Portello - they even have their own IdP solution (https://www.atlassian.com/software/crowd), so it's not like they don't have a very good grasp of SAML / OAuth. It's just very odd that it's not integrated into their cloud products, where it would benefit most.

            Kevin Cressy added a comment -

            Yes - can we have an update please!

            dportello added a comment -

            100% agreed with the above... I've used https://github.com/bitly/oauth2_proxy to provide Azure AD authentication to simple sites/applications, and I've integrated oauth2 libraries in apps we've built ourselves. SAML and OAuth2 can be a little mind numbing, but it's not rocket science. There are tons of Java libraries out there that Atlassian could integrate with their products. I just don't get it... smh


            The Brand Agency added a comment -

            100% agreed. We actually started setting up Crowd, on a (wrong) understanding that it would allow us to do SAML auth to the Atlassian cloud apps... We were wrong, and very nearly terminated the trial of JIRA. As it stands now, we're only licensing about 10-15% of the users that we would otherwise use if full SAML was available.

            We currently use Azure AD (or ADFS if really needed) for our SAML auth, and integrate with half a dozen other cloud services already. Not just a "nice to have" anymore, but a need for businesses like ours for full adoption.

            Adrian Nardi added a comment -

            Yes, what Dylan said. An update and timeline guidance, please.

            Dylan Baars added a comment - - edited

            And me as well. Especially interested in integration with ADFS/Azure AD. This is a requirement to even investigate using JIRA cloud for us. Is it possible to get an update on progress for this feature?


            Nathan Krieger added a comment -

            Add me to the chorus of people that need SAML support. Jira is the only SaaS product we use that does not currently have it. I cannot realistically expand our usage of Atlassian tools until this exists.

            dportello added a comment -

            I've given up on Atlassian as a company wide tool. It's been relegated to a small department within IT where I don't need to worry about managing large number of users.


            Pierre Rousset added a comment - - edited

            JIRA is the last of our apps that doesn't support SAML... Seriously Atlassian? Wake-up we are in 2016 and most companies don't care about the iDP features you are or will provide, they need to integrate with their current iDP platform...


            Paul Cooper added a comment -

            Bump... (Asana supports SAML btw)

            Mike Hill added a comment -

            We're having a hell of a time getting our password synchronized from our iDP (Okta) via SWA and wouldn't you know it, SAML would solve our problem.

            Unfortunately, I have discovered that Atlassian does not support SAML ATM.

            Tisk, tisk...

            Time is ticking Atlassian and it's high time this standard feature be implemented ASAP. Wouldn't want Atlassian to lose market share to a competitor simply because of SAML support.

            ESSENTIAL FEATURE


            Alexis Torchinsky added a comment -

            I'd like to adhere to @msholmes comment.

            We are implementing a wide DevOps platform, with cloud and on-premise tools, many of those can authenticate with our SSO platform (Ping Identity) via SAMLv2.

            Almost all of the newest tools have this important feature.

            Mark Holmes added a comment -

            This feature is essential.

            • MUST defer authentication to our domain's IdP
            • SHOULD support SAML attributes from the IdP to the Atlassian application to auto-create accounts on first successful sign-in (i.e. pull sn, givenName (or displayName), mail)
            • SHOULD support administratively configurable attributes mapped to Atlassian application (e.g. presence of "ConfluenceUser" gives access to Confluence, and "JiraUser" to Jira, etc; absence removes access)

            SAML IdP administrators know the benefits of these capabilities for all parties involved.
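
            The two SHOULD requirements in Mark Holmes's comment above (auto-creating an account from sn, givenName/displayName and mail on first sign-in, and granting product access by the presence of attributes such as "ConfluenceUser"), sketched as an added example; it is not Atlassian's code and not part of the original thread. The mapping table, function names and in-memory directory are hypothetical, and the assertion is assumed to have already passed signature, issuer, audience and validity checks in a SAML library.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical admin-configured mapping: attribute name -> product it unlocks.
PRODUCT_BY_ATTRIBUTE = {"ConfluenceUser": "confluence", "JiraUser": "jira"}


def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from a SAML 2.0 AttributeStatement.

    Assumption: the caller validated the assertion (signature, issuer,
    audience, validity window) before handing it to this function.
    """
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        name = attr.get("Name")
        if name is None:
            continue
        values = attrs.setdefault(name, [])
        for value in attr.findall("saml:AttributeValue", SAML_NS):
            text = (value.text or "").strip()
            if text:
                values.append(text)
    return attrs


def _first(attrs, name):
    values = attrs.get(name) or []
    return values[0] if values else None


def sign_in(directory, assertion_xml):
    """Create the account on first sign-in, then resync access on every sign-in.

    `directory` is a plain dict standing in for the application's user store.
    Returns ("created" | "updated", account).
    """
    attrs = read_attributes(assertion_xml)
    mail = _first(attrs, "mail")
    if not mail:
        # Without a stable identifier there is nothing safe to provision.
        raise ValueError("assertion carries no mail attribute")
    key = mail.lower()

    # Prefer displayName; otherwise build it from givenName and sn.
    name_parts = (_first(attrs, "givenName"), _first(attrs, "sn"))
    display = _first(attrs, "displayName") or " ".join(p for p in name_parts if p)

    # Access is recomputed from scratch, so a missing attribute revokes it.
    access = {p for attr_name, p in PRODUCT_BY_ATTRIBUTE.items() if attr_name in attrs}

    action = "updated" if key in directory else "created"
    account = directory.setdefault(key, {"mail": mail})
    account["display_name"] = display or mail
    account["access"] = access
    return action, account


def build_sample_assertion(attributes):
    """Constructed sample input: an assertion holding only an AttributeStatement."""
    parts = []
    for name, values in attributes.items():
        vals = "".join(
            f"<saml:AttributeValue>{escape(v)}</saml:AttributeValue>" for v in values
        )
        parts.append(f'<saml:Attribute Name="{escape(name)}">{vals}</saml:Attribute>')
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:AttributeStatement>" + "".join(parts) + "</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


if __name__ == "__main__":
    users = {}
    first = build_sample_assertion({
        "mail": ["ada@example.com"], "givenName": ["Ada"], "sn": ["Lovelace"],
        "ConfluenceUser": ["true"], "JiraUser": ["true"],
    })
    print(sign_in(users, first))
    # The IdP later stops sending ConfluenceUser: Confluence access is removed.
    later = build_sample_assertion({"mail": ["ada@example.com"], "JiraUser": ["true"]})
    print(sign_in(users, later))
```
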

            Léon Tebbens added a comment - - edited

            We are looking at cloud-hosted upgrade options for our 2000 users, SAML/ADFS or SAML/KeyCloak is a requirement for us to minimize the account administration burden and security risks.

            Danny Robinson added a comment -

            SAML/ADFS/AzureAD integration is a must. JIRA is the only cloud suite that doesn't fit into our current setup and causes much friction for our users. We have O365, and use JIRA for JIRA, Confluence, Bamboo, Service-Desk. We'd like to understand how Service-Desk would fit into this mix also with non-SSO users (i.e. customers) self-registering, and our internal users using SSO.

            Shuichi Sakai added a comment -

            Please support SAML/ADFS soon!

            DataGenic IT added a comment -

            We are looking at cloud-hosted upgrade options, SAML/ADFS is a requirement for us.

            dportello added a comment -

            I agree with Dan, SAML and OpenID support are necessary.


            Daniel Ciarlette added a comment -

            I would hope they work on both SAML and Open ID. My project is a collaboration of many separate entities and I need to tie them all together. Hopefully we will have that in the future. We had to purchase the server based one and come up with a solution ourselves.......

            I would love to test an Atlassian built solution.

            Dan

            Vidar Kongsli added a comment -

            In this day and age, why head for a dated protocol like SAML and not the more modern Open ID Connect which is gaining traction?

            CWPS Engineering Subscriptions added a comment -

            If we were playing Texas hold 'em, your first question would be classified as "tell:" "Atlassian believes a single account for end users will foster lower friction collaboration within and between teams everywhere, and that this is a highly desirable concept for our customers."

            Ultimately, who controls the work that's produced is the question. If you're taking the GitHub approach (where individuals have their own GitHub usernames/passwords and are invited to join a particular company and collaborate on projects), that's one approach. Another approach is that the company that said individual joins is the IdP (Identity Provider), and once said individual leaves that company, (s)he leaves that identity (and work created with it) behind.

            Both approaches have their merits. The GitHub approach to identity management ensures that an increasingly mobile (cough millennial cough) workforce can retain their individual identities & side projects wherever they may roam. The "traditional" corporate approach all but guarantees (at least in the eyes of the employer) that "what's produced here stays here." When you leave the company, you forfeit your access to your identity and the work you produced while you were under their purview.

            I believe we're each entitled to our own opinions on who owns an individual's online identity as it pertains to collaboration tools, especially in the age of an increasingly mobile workforce.

            What's at issue here is how authorized individuals gain access to corporate data.

            If Atlassian is the Identity Provider (hereafter referred to as the IdP), and an individual's identity is "invited" to access corporate data, there are no restrictions on:

            • Two-factor authentication
            • Time-based access
            • Geography, conditional access, etc. (depending on the requirements of the SAML IdP)

            ...whereas, if the company is the IdP, they can dictate the above requirements by refusing to issue a SAML token to their repositories/wikis/etc. to a user who does not meet their security requirements. This should not be understated--it's important from a security POV.

            Furthermore, locking a user out of that company's directory would effectively prohibit access to said company's intellectual property by virtue of the fact that the company is the IdP. With so many disparate systems in use today, will 100% of admins remember 100% of the time to revoke an ex-employee's access to the company's repositories/wikis/etc. upon their departure?

            Not a sermon, just a thought... TM

            Hargeet Chani added a comment -

            I took the survey to mean what would I pay for a combined Jira license, Confluence license, and SAML, so I based my answers on that. Do we expect they were asking for costs of just the SAML feature?

            mdennis784526431 added a comment -

            I'm shocked that after such a looooong time of building this that they are now even considering it as a "Premium" offering. Yes, I get that they had to do a bunch of infrastructure work to enable this. BUT, these:
            • SAML 2.0 SSO Support
            • Custom Domains
            • 2FA Auth with optional SMS
            • Consolidated Billing
            are a core component of what any cloud offering in 2016 should have.

            It is NOT a premium thing at all, period!


            Shane Day added a comment -

            @anthony - absolutely - I got the same survey, and happily answered $0 for each of those.

            Why on EARTH would I pay MORE for a consolidated bill?!?!? Honestly!

            The reason I'd pay $0, and therefore wouldn't purchase those features, is that I expect those features from a SaaS offering. Also, I have no plans to extend my use of Atlassian Cloud, and in fact am actively migrating from it.


            Anthony Grutta added a comment -

            I was hoping for more free form text boxes where I could explain to them that this should not be a separate "premium tier" because after all THEIR SALES TEAM TOLD US THOSE EXACT FEATURES WOULD BE AVAILABLE SHORTLY WHEN WE FIRST BOUGHT INTO THE CLOUD VERSION.

            Jeff Hoover added a comment -

            I don't see any reason why I can't share what they sent me if they do truly value our feedback, unless the URL is unique to me. Give it a try:

            Hello,

            Your feedback has been instrumental in developing and improving JIRA and Confluence, and today we invite you to help us understand the value of our product.

            We believe pricing and value should not be a one-sided conversation, so please take a minute to answer our survey. We're excited to receive your feedback!

            https://www.surveygizmo.com/s3/2733520/Atlassian-0202

            Tracy Rhinehart added a comment -

            Yes - how do we get an invite to that survey??

            Anthony Grutta added a comment -

            I hope I get an invite, that would be so much fun

            Jeff Hoover added a comment -

            I was just invited to participate in a survey asking how much we would pay for "JIRA/Confluence Cloud Premium" with:

            • SAML 2.0 SSO Support: Configure SAML authentication via IdPs such as: Okta, OneLogin, Centrify, Ping etc. and any other providers that support SAML 2.0.
            • Custom Domains: Use a customer-provided domain, e.g. yourdomain.com for the Atlassian service.
            • Two Factor Authentication with SMS: Enhanced security multi-factor authentication with optional SMS validation.
            • Consolidated Billing: Manage all of your Atlassian services on a single bill.

            So, it seems as if this feature may be in the works, but Atlassian wants us to pay more for it by calling it a "Premium" feature.

            Daniel Ciarlette added a comment -

            Not all of us use Google Apps. SAML is needed badly.

            Jeff Hoover added a comment -

            There is a roundabout way to accomplish this now, but it only works for those companies who use Google Apps for Business. If your Atlassian Cloud instance is set to use Google Apps for authentication and your Google Apps is set to use something else, such as Azure AD or on premise ADFS, it will work. When you go to your Atlassian Cloud and click to sign in with Google, you will be redirected to your ADFS login page. Atlassian won't show up as an App in your Microsoft portal though since Microsoft won't know anything about it. I realize this isn't a feasible workaround for most people and certainly shouldn't be treated as a legitimate solution by Atlassian. Atlassian needs to allow their products to integrate directly, without having to use Google.

            Christy James added a comment -

            @nginge maybe you want to chime in here?

            Chase Abbott added a comment - - edited

            FYI: I spoke with Atlassian's Enterprise Product Managers last year about the inability to meet basic enterprise requirements, beyond SAML (Think CAIQ /Cloud Sec Alliance compliance). This was on the roadmap but those people have since moved on and Atlassian will not return our requests for account management follow ups so we're dropping their cloud platform from available infrastructure options for our corporate use.

            That's just the way it is. They'll still make money and we'll use another option. C'est la vie. Funny enough, Microsoft's "Planner" is getting more and more features so when it gains feature parity with Atlassian's JIRA Agile and Portfolio, it'll be a viable option for enterprises that require cloud security compliance.


            Markus Bühler added a comment -

            Same issue here - I have huge fights every few months to keep it up and running. Security is very important these days and managing accounts in multiple environments is just no option if your organization has more than 10 employees working with a tool. Using O365 accounts should be a no-brainer for an enterprise solution like Jira...

            In short: 2 years - nothing happened... time to get it done!

            Jean-Francois JURADO added a comment -

            It is really strange that this functionality is not present and prioritized in a SaaS solution such as JIRA ...
            So my security responsible refuses to let us use JIRA in SaaS.
            What a shame .....

            Anthony Grutta added a comment -

            I never thought I'd live to see the day but friends my Jira SAML issue may have already been solved. http://techcrunch.com/2016/06/06/microsoft-officially-launches-planner-its-trello-competitor/
            Microsoft already integrated SAML for us awhile back for Office 365 so now we have a solution to migrate off of Jira completely. I urge you all to do the same.

            Gerri Urban added a comment -

            It would be great if this was a SAML 2.0 universal solution so that it would work with other SSO providers like Okta too - right now I'm forced to look at google apps integration to see if that will work for us.

            Shane Day added a comment -

            @agrutta I have also previously offered to work with them on this topic. ID-79 was my request in hope of getting SOMETHING out of it after that went nowhere.

            I get the impression that this might be a renewed push for Atlassian Crowd. As if Enterprises want to base their identity strategy around a cloud suite of products for developer productivity.


            Anthony Grutta added a comment -

            I can believe this is what they went with, it is like they are completely missing the point and have completely disregarded the history of this issue.

            First this...
            "Consolidating the multiple user accounts that exist across the Atlassian cloud into a single account, profile and authentication technology - we refer to this as Atlassian account. Rolling out Atlassian account for all users and products allows us to establish a single identity for a given email address and simplify the identity management and authentication requirements for the end user. This also allows SSO for end users into all products and services they're authorised to access"

            This is 100% untrue, I personally provided code that demonstrated that SAML compatibility required no alteration of the "Atlassian account" or any internal authentication or authorization system. And I also demonstrated that this would not have to be implemented across all products, it could simply be an option isolated to an individual app and turned on by the administrator for use within the subdomain. I offered this code up to Atlassian and even asked to speak to the product owner, it fell on deaf ears.

            Next we have this little gem...
            "Establishing account ownership principles that allow administrators to assert a claim over users within their domain. We need to provide assurance to admins that user accounts they lay claim to can be administered only by them - including accounts managed via SAML. We implicitly have this today with user accounts being scoped to a given tenant, but the global uniqueness of Atlassian account means that we have to make this explicit"

            Seriously? You have no idea how SAML is implemented do you? Accounts don't have to be managed by SAML it can simply be used as a mechanism to authenticate that a user exists via the remote IDP, the authorization can then be handled by the Atlassian side of things which could also be further manipulated by clients using the REST API (for automation purposes).

            What even gets more frustrating...
            "Rolling out these pillars entails a significant amount of effort, and has been the focus of our team for some time. A lot of the foundation components happen under the covers which means that there's no immediately visible impact to users or administrators that we can share."

            I call BS! I offered to give you the code, I was willing to provide a demonstration, this would have been a PATCH!!!!

            Finally...
            "I hope our team will be able to share a more substantial update in the near future."

            Define near it's been since 2014, this is obviously not a priority and all this proves that when we started to voice our dissatisfaction via social media all of a sudden you took notice. It just shows we need to be louder!

            Christy James added a comment -

            @nginige how about even a broad ETA so we can plan how to run our businesses and decide if we need to pull out of cloud or wait for the solution? That response was just a lot of blah blah blah and tells us nothing different than what you did years ago. In fact, it was interesting that it came over the pipe as an edited version of essentially the same response as Nov 2015. It isn't a particularly compelling story if you can't supply any better information than that from 5 months ago. I'd interpret that as zero planning or progress.

            Fabian Valencia added a comment -

            It is great that Atlassian is working on this issue and explaining that it is a large effort helps. But the fact remains that not even Q3 2016 or Q2 2017 is thrown out. I wish I could do that at my company, we are working on your requests you will have your features some day. Why is it so hard to give some sort of target, not looking for an exact date?

            Shane Day added a comment -

            Agree with all the comments - perhaps SAML enabling ALL products would be the best way to deal with this? Insert your Atlassian Uniqueness ID in the SP layer. Problem solved.


            IT Admin added a comment -

            If an ETA is unrealistic, would it at least be possible to link the blocking tickets to this one so we can see the progress as those tickets get closed out?


            Scott Brown added a comment -

            Yadda, yadda, your call is important to us.... yadda, yadda, we value your business...

            Consolidating all Atlassian products to one account while noble, sounds like a large job (read: lengthy).
            Adding SAML support to existing Jira accounts, (even a temporary, unsupported Beta) could probably be knocked out in a couple of weeks. We've been waiting years for this, please don't make us wait more years.

            itsupport@nsamgroup.com added a comment -

            @Nuwan Thanks for the update, I appreciate knowing my voice is being heard. However this has been a very long-running issue as you note and your message is essentially the same as the previous message dated 19 November 2015 and, almost four months later, does not contain a "more substantial update" regarding ETA.

            Ben Christian added a comment -

            Nuwan Ginige, how about providing an ETA?

            Fabian Valencia added a comment -

            Michael
            The problem is not the user Sync. It is having a Single Sign On. Who needs one more password to store and control? Not to say that adding users via your technique is not helpful.

            Michael Hicks added a comment -

            I worked around this feature gap by writing a script that uses the JIRA API to get all active users and compares them against an internal Active Directory. Anyone not active in AD is deactivated in JIRA. It's not perfect, but it does the trick. Source code is shared on GitHub: https://github.com/katonahmike/jira-ldap-sync
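
The reconciliation described in the comment above (deactivate any Jira account with no active counterpart in Active Directory), as an added Python example that is not taken from the linked repository. The function names, record shapes and sample data are assumptions constructed for illustration; the example adds an exempt list and refuses to run when the directory result is empty or too many accounts would be deactivated.

```python
"""Plan Jira deactivations from an Active Directory export (added example)."""
from dataclasses import dataclass

ACCOUNTDISABLE = 0x0002  # userAccountControl flag set on disabled AD accounts


@dataclass(frozen=True)
class Plan:
    deactivate: tuple  # normalized e-mail addresses to deactivate in Jira
    skipped: tuple     # (e-mail, reason) pairs deliberately left alone


def _norm(email):
    """Trim and case-fold so 'Ann@Example.com ' matches 'ann@example.com'."""
    return (email or "").strip().casefold()


def enabled_ad_emails(ad_entries):
    """E-mail addresses of AD entries whose account is not disabled."""
    enabled = set()
    for entry in ad_entries:
        mail = _norm(entry.get("mail"))
        uac = int(entry.get("userAccountControl", 0))
        if mail and not (uac & ACCOUNTDISABLE):
            enabled.add(mail)
    return enabled


def plan_deactivations(jira_users, ad_entries, exempt=(), max_fraction=0.25):
    """Return a Plan; raise RuntimeError instead of planning a mass lockout."""
    enabled = enabled_ad_emails(ad_entries)
    if not enabled:
        # A failed bind or a wrong search base looks like "nobody is active".
        raise RuntimeError("AD returned no enabled accounts; refusing to run")
    exempt = {_norm(e) for e in exempt}
    active = [u for u in jira_users if u.get("active")]
    deactivate, skipped = [], []
    for user in active:
        mail = _norm(user.get("emailAddress"))
        if not mail:
            skipped.append((mail, "no e-mail address"))
        elif mail in exempt:
            skipped.append((mail, "exempt"))
        elif mail not in enabled:
            deactivate.append(mail)
    if len(deactivate) > max_fraction * len(active):
        raise RuntimeError(
            f"{len(deactivate)} of {len(active)} active accounts would be "
            "deactivated; above the safety threshold")
    return Plan(tuple(deactivate), tuple(skipped))


# Constructed sample data. Keys mirror the Jira user fields (emailAddress,
# active) and AD attributes (mail, userAccountControl); the exact record
# shapes are assumptions made for this example.
JIRA_USERS = [
    {"emailAddress": "Ann@example.com", "active": True},
    {"emailAddress": "bob@example.com", "active": True},        # disabled in AD
    {"emailAddress": "carol@example.com", "active": True},      # absent from AD
    {"emailAddress": "svc-build@example.com", "active": True},  # service account
    {"emailAddress": "dave@example.com", "active": False},      # already inactive
    {"emailAddress": "erin@example.com", "active": True},
    {"emailAddress": "", "active": True},                       # no address to match
]
AD_ENTRIES = [
    {"mail": "ann@example.com", "userAccountControl": "512"},
    {"mail": "bob@example.com", "userAccountControl": "514"},     # 512 | ACCOUNTDISABLE
    {"mail": "erin@example.com", "userAccountControl": "66048"},  # enabled, no expiry
]

if __name__ == "__main__":
    plan = plan_deactivations(JIRA_USERS, AD_ENTRIES,
                              exempt={"svc-build@example.com"}, max_fraction=0.5)
    for mail in plan.deactivate:
        print("deactivate:", mail)
    for mail, reason in plan.skipped:
        print("skip:", repr(mail), "-", reason)
```

The plan is computed separately from any API call, so it can be logged and reviewed before deactivations are applied.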

            Ben Christian added a comment -

            I had the same thought. There's always the ultimate goal, the most ideal solution, but sometimes you need to put in a stop gap to deliver something high value, even if it temporarily deviates from that vision. It sounds like it will be 1-2 years before all the products share the same platform, whereas enabling SAML for individual platforms based on demand would be pretty straightforward and fill a massive void.

            Fabian Valencia added a comment -

            Also the more I think about it, why is consolidating all the products a higher priority than enabling SAML on JIRA Software? Then migrate all the products to use the same mechanism. Getting all JIRA users to have SAML activated seems like a pretty big win. Having other products use the same user base can happen right after.

            Christy James added a comment -

            I stated this earlier in the thread, but I did open a new CEO message last week. The response to it as of 2/24 from their support team was:
            "I have relayed your message to the appropriate parties to provide further insight into ID-80. You will be hearing from a Product Manager to provide you with an update on the status of the feature request."
            As of 3/3 no feedback to either this thread or the CEO support ticket CEO-2586.
            I hold out hope that eventually the product manager will reply to this string and the delay is due to them thoroughly evaluating the request to get us accurate information #optimist

            Andrew Doering added a comment -

            @Shane Day

            Nevermind then, I got an email today stating that there was something added to it, and thought it was the CEO link.

            The email came in around 12:09 PM from Elisa Diel [Atlassian], with the message: https://support.atlassian.com/browse/JST-185547

            So nevermind.

            Shane Day added a comment -

            @Andrew Doering - the CEO ticket has been linked for about a year. Don't hold your breath.


            Paul Alexander added a comment -

            We implore...

            Andrew Doering added a comment -

            So now there is a CEO ticket, but we are unable to see it... so I guess that is some headway.

            Patrick Paulino added a comment -

            Go retweet @Erik Segerstolpe tweet +1

            Scott Brown added a comment -

            The case for LDAP integration (https://jira.atlassian.com/browse/ID-79) was opened in 2009. That was 7 years ago and still nothing.
            Just setting some expectations for you all...

            Ben Christian added a comment -

            @john.colburn It looks great. We require a SaaS solution but we need SAML to support seamless SSO for users who are on-premises, as well as MFA for those who are mobile/remote. We are planning on storing sensitive information so we can't rely on only username/password for an internet facing platform.

            Anthony Grutta added a comment -

            John Colburn,
            Are you serious, maturing? In 2014 we were promised this, heck when we got it the rep told us "oh yeah SAML will be ready by the time you go live", that was YEARS ago now!

            John Colburn added a comment -

            @bchristian Confluence is great and if you have an organization that is scaled to a level over 2000 users or SAML is honestly and truly a must have feature for security or other reasons you're better off hosting yourself. It's a great product but the cloud versions are still maturing.

            Erik Segerstolpe added a comment -

            well I started with my part - and keep a positive attitude, more will happen then let's hope he replies

            Ben Christian added a comment -

            As a potential customer (not existing) it's good to hear everyone's feedback. I think I'll steer clear of using Confluence and keep looking. Thanks!

            IT Admin added a comment -

            @ehruska No idea. I would have guessed this ticket would be linked/blocked by other tickets that focus on shared user base.

            Takes a good amount of effort to do all the appropriate linking and Atlassian probably hasn't gotten around to it. Maybe they will link more issues to this ticket when they've made more progress and can see the light at the end of the tunnel.


            Shane Day added a comment -

            Guys, I've tried the CEO link, got no response. I've tried social media, got no response.

            I strongly suspect the CEOs are laughing all the way to the bank at present, and the existing user base is the least of their concern.

            Personally, I've had a gutful of serious usability, administrative or security issues being unaddressed, or in the case of Cross Product Search, regressed into being totally unusable. Everyone in our organisation hates using Atlassian Cloud these days. The only good thing I have to say is that the Atlassian Cloud support team are awesome.


            ewanh added a comment -

            @IT Admin in that case shouldn't they link what they are currently doing to this issue? They track everything via issues even internally. Why aren't those related issues linked to this one in order to avoid a distraught customer base?


            Steve Sabljak added a comment -

            Perhaps we make a concerted effort to publicly shame them on twitter on this issue? @atlassian #showmethesaml

            Anthony Grutta added a comment -

            Well then, if we are all in the same boat, and no one from Atlassian is listening here, I think we need to go bigger. Anyone game for some good old-fashioned "use the Internet as your megaphone"? I am sure between us all we have plenty of contacts to get this issue published on some sites of note.

            IT Admin added a comment -

            I doubt Atlassian has anything to add to this thread at this point.

            They laid out the plan to support SAML in the description of this ticket and it's hard to show on roadmap since it involves all their products going to a shared user base. The SAML enablement step that would come after the shared userbase is complete is, in comparison, easy.

            One thing I don't understand is why they can't work on introducing SAML for just cloud JIRA/Confluence since they already have a shared user base.. unless what's currently being worked on is actually a whole new way to manage users.

            Given the description on this ticket, I'd expect BitBucket to become part of the shared user base as a milestone before we see SAML.

            Would be nice to get a clear picture of a roadmap towards getting SAML. Even if it was a 6 month to 1 year timeline at least it would lay out what the remaining pieces are.


            ewanh added a comment -

            Also, I don't feel like anyone from Atlassian is monitoring this as:

            Assignee: Unassigned
            Reporter: dwierzbicka Dora Wierzbicka [Atlassian] (Inactive)


            ewanh added a comment -

            I see that this is still Verified and not In Progress. I would like to see that status change soon Atlassian. This is obviously a huge issue.


            Dennis Portello added a comment -

            It would be comical if it wasn't causing my org so much pain.

            Christy James added a comment -

            I agree. Clearly a key issue with a crazy lack of response for an enterprise level item. I took the initiative to push this thread into their "connect with the CEO" form which states it will be read. We should see soon if anyone at Atlassian cares about losing business during product evaluation and supporting their clients as their volume scales.

            Anthony Grutta added a comment -

            Is anyone from Atlassian even looking at this thread anymore? I mean this is getting seriously ridiculous.

            Ben Christian added a comment -

            I agree Nick. We haven't signed up for Confluence yet due to lack of SAML support, and like your company, we have a hard requirement for all new SaaS deployments to use SSO via our IDP. We recently migrated away from a SaaS platform that had no SAML support because they were unable to provide a roadmap for its implementation.

            Nick DeSimone added a comment -

            Sean Byrne,
            Unfortunately, I don't think the announcement about Atlassian using Splunk for their Ops/Security needs is going to translate into SAML support in their cloud products. Nicely done, reigniting this discussion though.

            Atlassian,
            I think you guys/gals should do a better job managing your customers' expectations with regard to timing. I know, in Agile, we don't want to commit to dates, and that's likely what's driving the silence (in addition to PMs not reading comments like this). However, as a customer, it's starting to feel like the only way we can communicate the importance of this feature is through lost sales opportunities and cancelled renewals.

            As a data point: We have a security product that ensures that SSO logins through our IdP may only be initiated from authorized devices (the device itself is the second factor). We have put a moratorium on all new services that can't support SAML through our IdP. At the moment, we're not applying this retroactively, but at some point we are going to start discarding services that can't help us meet our strategic security requirement. Atlassian, are you listening?

            Fabian Valencia added a comment -

            Matijs, we are in the same boat, we already own TFS and that is being pitched as an alternative (especially since we already pay for it). I really like JIRA much better. Hope this issue gets resolved sooner rather than later.

            Matijs Visser added a comment - It would be great if this is implemented, we really need this. On-premise is no option for us, and the number of user accounts is rising. Some voices in our company say we should look at solutions other than Jira Cloud.

            dennis dennis added a comment - I wouldn't hold your breath.

            SeanB added a comment -

            Hi,

            This was in the news the other day:

            http://www.splunk.com/view/atlassian-adopts-splunk-software-for-security/SP-CAAAPHT

            I'm wondering, in the light of this news article, will SAML integration happen since Splunk has SAML support:

            http://docs.splunk.com/Documentation/Splunk/6.3.3/Security/HowSAMLSSOworks

            Sean

            Christy James added a comment - We also really need to know when SAML is finally going to come to the Jira/Confluence SAAS Cloud. Basically we need to know if it is going to occur and when because managing our user base is just out of control without it. Only other option is to pull it out of the cloud and migrate backwards to a software install (highly undesirable).

            Fabian Valencia added a comment - It is February now, any updates on when this is coming? We are approaching end of February. We are looking to migrate to the Cloud version but it seems we are going backwards when we have to move away from SSO.

            Patrick Paulino added a comment - +1 we need this!

            Josh Higgins added a comment - +1 for SAML SSO for Jira cloud

            Paul Alexander added a comment - Nothing that we as a large body of endlessly waiting existing customers are aware of...the Nov '15 notice from Atlassian at the top of this ticket is unfortunately all we have to go on.

            Ben Christian added a comment - I'm evaluating various SaaS solutions for a wiki style documentation platform and I've found Confluence to be one of the best, but unfortunately the lack of SAML support is a show stopper. Do you have an ETA for SAML support? If it's unlikely that there will be SAML support within the next 3 months then I think we will need to continue our evaluation to focus on other products. We have rolled out a variety of SaaS products in the last 12 months using SAML with complete seamless SSO authentication and have a hard requirement for any new SaaS solutions to support it.

            ember3 added a comment -

            My Global F500 company has rolled out Box for 100,000 employees using SSO such that clicking on a link just takes you seamlessly to the folder. We're keen to see a similar solution in the Atlassian Cloud ecosystem. Perhaps a new product called "Crowd Cloud" could be developed with this enterprise-level SSO capability, configured in just one place - we could pay for that in addition to the regular Cloud apps.

            Jeremy Lloyd added a comment - Another vote for SAML from me for JIRA Cloud and Confluence.

            Anthony Grutta added a comment - Jonathan Richardson, we contemplated that direction too; however, it has a major flaw due to the way Google provisions accounts. Google essentially "takes over" your entire domain; this adversely affects any user who has already registered an account. Unfortunately for us that is a significant population. But what is interesting to note is that Atlassian supports Google login at all and yet claims to not support OAuth. I actually have this in writing from support, I sent copies to my mailing list of IT managers.

            Jonathan Richardson added a comment - We have sort of accomplished this by linking our business Google Apps account to a SAML IdP - staff can then access Atlassian products with the Google login button - a bit of a kludge and ridiculous that this is not core functionality though.

            Dennis Portello added a comment - Atlassian has stated they are working on it but will not give a timeline. I was planning to roll out JIRA company wide but quickly realized that it would be a complete mess without SSO. As far as I'm concerned, it's their loss.

            Anthony Grutta added a comment - Chris Kirby, I know your pain, this has completely stalled all of our plans. There is no addon that is compatible with the cloud version, frustrated our userbase, and our management. It is so bad we are now looking at migrating to other tools like Trello and Asana. Forget contacting Atlassian support about it, you would not believe the uppity response I received for something so simple. The funniest part, I actually have working code that could be retrofitted in and actually work, we even offered to give it to them. They refused, they would not even allow me to speak with the Product Manager.

            Dennis Portello added a comment - Nothing! You can use the on-prem version of the Atlassian tool suite, or Atlassian can point you to some other companies that can host it on your behalf with whatever plugin you want.

            Chris Kirby added a comment - Is anyone aware of an addon that could accomplish this? This is a big one for my team as well...this would be the only tool that we use out of dozens that does not support SAML SSO. This could completely stall our plans to move from the on prem version of JIRA to the cloud instance.

            Anthony Grutta added a comment - - edited

            12/26/15
            User contacted us via ticket system asking to migrate a project from another Jira instance to our new Cloud-based Jira instance. The import probably would not have been an issue; authentication and access complications due to lack of SAML support prevented us from moving forward.

              Unassigned
              Dobroslawa Wierzbicka (Inactive)
              Votes: 473
              Watchers: 380
