resolution SAML SSO vs Atlassian Data Center | SSO Extended Feature Comparison

resolution SAML SSO vs Atlassian Data Center | SSO Extended Feature Comparison

What's the 
right solution for me
 ?

resolution SAML SSO vs Atlassian Data Center

Here’s an overview of the similarities and differences between resolution SAML Single Sign On (SSO) Apps and Atlassian’s built-in SAML SSO Apps. The content has a similar structure to our actual app configuration page so that our existing customers can quickly follow their own setup.

Comparison Overview

Table of Contents

Setting up Identity Providers (IdP)

resolution DC SAML SSO Image Atlassian DC SAML SSO

Setup Wizard

  • Easily configure your SAML SSO, guided by setup wizard
  • Identity Specific guides for major providers. 

Easily configure your

Manual configuration only, without IdP specific guides. 

 

Setting up IdP via Metadata

  • Reload Metadata automatically based on a configurable interval to avoid interruptions due to expired certificates.
  • SAML IdPs with HTTP POST and REDIRECT bindings are supported.

Setting_up_IdP_via_Metadata

Manual configuration

  • Metadata is not supported
  • Certificates must be modified manually after expiration.
  • Only SAML IdPs with HTTP POST binding are supported.

Enable Single Log Out

  • Ability to logout user from IdP and other Applications when logging out of the Atlassian applications.
  • Ability to honor logout requests from IdP when the user logged out of other application

Enable Single Log Out_1

Not supported:

  • Logout only terminates the Atlassian session.
  • Logging out from IdP or via IdP does not close the Atlassian applications (potential security risk)

User Provisioning

resolution DC SAML SSO Image Atlassian DC SAML SSO

Choose User Creation & Update Method among:

  • Just-in-Time (JiT) Provisioning:
    Creating the User based on values from the SAML-response during login.
  • Update with User Sync-Connector:
    Using our User Sync method to synchronize them ahead of time and to a update during login (see below)
  • Update with User Sync-Connector and apply SAML attributes:
    Can combine the best of Both worlds - information from Usersync & from the SAML response.
  • Search user account to log in by attributes other than just Username (i.e., external ID or eMail address) in the Atlassian Application

Choose User Creation & Update Method among

Update and create a user with only Just-in-Time provisioning method and search for user account in Atlassian Application by Username only.
User and Group Attribute Mapping:
  • Map and match any IdP attribute to any local attribute into Confluence Profiles, including location or phone.
  • Attributes can be modified ( “transformed”) according to rules, like:
  • Remove domain names;
  • Combine attributes;
  • Choose alternatives;
  • Use custom logic with Groovy scripts.
  • Integrations with popular Apps like LinchPin Social Profile, Scriptrunner, and more.
  • Distinguishes between users created with SAML and local users for JiT updates.
  • Choose the directory where new users should be stored.

User and Group Attribute Mapping-01User and Group Attribute Mapping-02

Only display Name, Email obtained from the SAML response during Just in Time (JiT) Provisioning.

  • No modifications or transformations are possible.

Group Settings

  • Option to switch on/off automatic group creation & group membership removal.
  • Assign default groups with a dropdown Menu.
  • Configure Jira Service Desk Groups & Organisation.

Group Settings

Groups are created and removed during login automatically, with no user interface available for configuration.

SSO Redirection

resolution DC SAML SSO Image Atlassian DC SAML SSO

Basic SSO redirection

  • Enable SSO redirections
  • Enable SSO redirectionsfor Service Desk Customers

Basic SSO redirection
  • Enable SSO redirections
  • Enable SSO redirections for Service Desk Customers

Advanced redirection controls:

  • Enable Non-SSO (Bypass SAML with a special link)
  • Define specific URLs that trigger SSO
  • Define specific URLs that do not trigger SSO
  • Define User-Agent headers that do not trigger SSO

Advanced redirection controls-01Advanced redirection controls-02
Not available

Identity Provider Selection

resolution DC SAML SSO Image Atlassian DC SAML SSO

Configure more than one IdP

  • Some customers use > 100 IdPs.
  • Good way to handle scenarios where some users need to login locally via Username/Passwords (e.g., Contractors) and others via one (or more) IdPs

Configure more than one IdP
Not supported

IdP Selection Methods:

  • Defining a default IdP with a weight
  • IdP selection page (fully customizable velocity templates)
  • by email address
  • by HTTP Request Headers

IdP Selection Methods-01 IdP Selection Methods-02 IdP Selection Methods-03 IdP Selection Methods-04 IdP Selection Methods-05

Not supported

Setup Service Provider

resolution DC SAML SSO Image Atlassian DC SAML SSO

Signing and Encryption:

  • Include Signing Certificate in Metadata
  • Include Encryption Certificate in Metadata

The plugin supports both signed authentication requests and encryption of assertions. The above settings allow those to be added to the metadata as well.

Signing and Encryption_1

Neither signed authentication requests nor encrypted SAML messages are supported.

Advanced Settings

resolution DC SAML SSO Image Atlassian DC SAML SSO

Remember me Cookie-01

Remember me Cookie

  • “On” by default (not an ideal security choice)

Multiple IdP Import

  • Import Shibboleth federated Metadata to import many IdPs at the same time

 

Often used by academic institutions for cross-institutional collaborations. 

Multiple IdP Import
Not available

Page Templates

All content our SSO app display to users is based on velocity templates. They can easily be adjusted via the app’s UI. For example:

  • IdP selection Page(s)
  • Error page
  • Logout page

Any content the Plugin-01 Any content the Plugin-02
Not available

System & Support

resolution DC SAML SSO Image Atlassian DC SAML SSO
Export/import the configuration of an existing installation

Export-import

Not available
In app support

In app support
Not available

Built-in Support facility - Authentication Tracker

  • History of all authentications in the last 48 hours.
  • Usually, no separate logging is required. All usual debug/info messages, including SAML request & response are contained in an authentication tracker.
  • Raise a support case straight from a tracker with the tracker & config being attached to the case.

Built-in Support-01 Built-in Support-02
Not available

User Synchronisation

resolution DC SAML SSO Image Atlassian DC SAML SSO

User Sync allows to synchronize users from multiple identity providers both ahead-of-time and on-schedule.

It overcomes many limitations of “Just-in-Time” Provisioning and is the superior choice for many customers.

Attribute Mappings and group settings

  • User Name Transformation

  • Group Name Transformation

  • Add additional attributes received via the Identity Provider's API and write them to the Atlassian Application’s fields or User Property values.

  • Configure group settings at the IdP

  • Configure settings for Local group

Attribute Mappings and group settings-01 Attribute Mappings and group settings-02

Not Available

Schedule syncs

Schedule syncs-01 Schedule syncs-02 Schedule syncs-03
Not available

Automatic User Deactivation

resolution DC SAML SSO Image Atlassian DC SAML SSO

Option 1: Combining Just-in-Time Provisioning with ‘Disable inactive user connector.’

Combining Just-in-Time

Manual user deactivation.

Option 2: Use the User Deactivator Plugin

  • Automatically deactivate multiple users
  • Automatically remove users from groups
  • Exclude members of specific groups from deactivation/ group removal
  • Filter users on last activity date and deactivate manually
  • Receive reports when users are deactivated

Use the User Deactivator Plugin-01 Use the User Deactivator Plugin-02
Not available