1. What is
...
Single Sign On: software that lets employees of companies that use multiple login-based applications and web apps sign on to all of them with a single login. Sign in once, and get logged in to all connected applications.
2. Will it remove the necessity to enter my credentials completely?
No. Single sign-on is useful when you have several Atlassian applications and want to save time, but a user still needs to enter credentials at least once to get authenticated in one tool. After successful authentication in one tool, the user won't need to enter credentials for the other tools and will be redirected to them automatically via Global SSO validation.
3. Why is it good?
- Saves time for employees so they don't need to log into each Atlassian tool separately with individual accounts that are not connected with each other
- Reduces password fatigue – employees will only need to remember one password instead of many
- Reduces IT stress (and thus costs) because there will be far fewer IT help desk calls about forgotten or non-functioning passwords (especially if it's a big company)
- Makes life easier for everybody
4. How does SSO work?
- A user attempts to access the Atlassian application.
- The IDP sends the SAML assertion (XML) to our SAML SSO Client with several parameters, including user information. The assertion is an XML document containing parameters such as the certificate, certificate date, user name or login, and other parameters that help recognize the user.
- SAML SSO Client looks at these parameters and checks whether the assertion is valid, that is, whether the user exists in the system (Jira for instance). Based on this, SAML SSO Client decides whether to authenticate the user in the system.
- If the assertion is valid, SAML SSO Client takes the attribute (username or email for example) and generates a cookie for this user.
- Then SAML SSO Client performs a redirect to the needed tool (Jira for instance). All this happens very fast, so many people think that they are redirected from the IDP straight to the tool (Jira), but in fact they are redirected to SAML SSO Client first and then to the tool (Jira in this case).
- Once the user is authenticated in one system (Jira for instance), there is no need to enter credentials for the other systems, as our Global SSO will take care of it. After the first successful login, the user will be authenticated in other systems (Bitbucket, Bamboo, etc.) automatically via SAML SSO Client check.
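The validation and cookie steps above, as an added Python example that is not part of the original page or the product's code. It goes beyond the text by also checking the assertion's validity window and audience before the user lookup. The entity ID, user table, key, cookie format and function names are assumptions, and XML signature verification, which has to pass before any of these checks count, is assumed to be done by a vetted SAML library.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET  # production: hardened parser, e.g. defusedxml
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://jira.example.test"      # assumed audience of this tool
COOKIE_KEY = b"constructed-demo-key"            # assumed server-side secret
LOCAL_USERS = {"alice@example.test": "alice"}   # constructed user directory
# Constructed sample assertion; the ds:Signature element is omitted (see lead-in).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://jira.example.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, now):
    """Return the local username, or raise ValueError for a failed check."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if not _ts(cond.get("NotBefore", "")) <= now < _ts(cond.get("NotOnOrAfter", "")):
        raise ValueError("assertion outside validity window")
    audiences = [a.text for a in cond.findall(".//saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion issued for a different audience")
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    user = LOCAL_USERS.get(name_id.strip().lower())
    if user is None:
        raise ValueError("no matching local user")
    return user

def issue_cookie(user, expires):
    """Cookie value: payload plus HMAC so tampering is detectable."""
    payload = f"{user}|{int(expires.timestamp())}".encode()
    mac = hmac.new(COOKIE_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + mac

def verify_cookie(cookie, now):
    body, mac = cookie.rsplit(".", 1)
    payload = base64.urlsafe_b64decode(body)
    good = hmac.new(COOKIE_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, good):
        return None
    user, exp = payload.decode().split("|")
    return user if now.timestamp() < int(exp) else None
```

Each connected tool would call `verify_cookie` on later requests, which is how one successful login carries over without the user entering credentials again.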
5. Will it work if we have Crowd? Or ADFS, OneLogin, Centrify, AD, LDAP...
Yes. Global SSO is a standalone component: it neither affects nor is affected by user management tools (Crowd, AD, etc.) or IDP systems (OneLogin, ADFS, Centrify for instance).
It doesn't matter whether:
- users are created/changed somewhere or not
- users sync with AD or not
- users change their last name, password or not
The user will just need to enter the credentials in the IDP portal. Global SSO receives user parameters from IDP and tries to find a user by these parameters in the Atlassian tool. Then based on the validation result, the user either gets authenticated in the Atlassian tool or not.
6. Do you have SSO for Jira Service Desk
...