- Suggestion
- Resolution: Unresolved
Hello,
We are currently testing SAML for Atlassian Data Center in our non-production JIRA Data Center environments. The integration with IDP works well; however, it does not play well with local system accounts or local service accounts. As it stands, you either have to accept that your current Windows credentials session will claim your login (when set as primary auth), or you have to enter the system through the IDP site itself, leaving the option to log in locally or the old-fashioned way as the only option at the JIRA instance (secondary auth). The second option is not appealing, since there is no obvious indication that SAML authentication is available to a user at all, and frankly, it will be rarely utilized if an additional step is needed (navigating to the IDP site to then be redirected to JIRA).
What we'd like to suggest: If secondary auth is selected, simply add a button in the login panel that gives the option to log in with SAML as well. This would allow users to still log in with system accounts (in our case, the main system administrator account), while still allowing SAML functionality as an option, and would not require users to navigate to a secondary site to do so.