Search
  • Julie Gums

Can I use Single Sign-On for Jira and Confluence with Microsoft AD?

Updated: Aug 6


Question

Can I use Single Sign-On for Jira and Confluence with Microsoft AD?


Short answer

Yes you can use our SAML Single Sign-On app with Microsoft AD, but you'll also need the AD Federation Services role installed.


What is the problem?

Active Directory uses a protocol called Kerberos internally to authenticate domain joined devices. In order to be able to speak SAML, which is provided by our app, you need to have installed Active Directory Federation Services, ADFS. It's a free role that you can add to your Active Directory.


How can I use Single Sign-On with Microsoft AD?

If you want to use SAML Single Sign-On with ADFS, you most likely have one of the below environments already.

  1. AD FS with LDAP User Directory

  2. connect your Atlassian instance to your AD FS server, using a LDAP based user directory and enable SAML Single Sign-On

  3. AD FS with Just In-time Provisioning

  4. use SAML Single Sign-On with your AD FS server, using just in-time provisioning to create and update users in your Atlassian instance's existing internal user directory

  5. please note that we are currently offering no written tutorial for migrating users via database, read here for more details

Once you have ADFS installed, then it can terminate Kerberos as a protocol, authenticate your domain joined devices, but can also authenticate users from the outside that then talks SAML to our app on Jira or Confluence which does the Single Sign-On.

platinum_low-res.png

Newsletter      Support      Marketplace      Documentation      Imprint      Privacy Policy