Atlassian Suite - SSO configuration

Atlassian Suite - SSO configuration

Idea
This documentation has been tested and approved by Kelvin Zero's team
Quote
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for ATLASSIAN Suite using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
Warning
To set up Multi-Pass with  ATLASSIAN Suite, ensure you meet the following requirements:
-  ATLASSIAN Suite admin rights
- ATLASSIAN guard enabled
- MPAS Admin rights
- Make sure that all users intended to use SSO in  ATLASSIAN Suite are registered in your IdP and have the necessary permissions to access ATLASSIAN Suite .
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.


Atlassian Suite - SSO configuration


Notes
This documentation provides a step-by-step guide to enable passwordless SSO with Multi-Pass on Atlassian.
To enable SAML-based SSO, make sure Atlassian Guard is activated — it is a required module.
Supported Applications :
  1. Jira
  2. Confluence
  3. Bitbucket
  4. Trello (Enterprise only)
  5. Opsgenie
  6. Statuspage
  7. Atlassian Guard

Step 1 – Atlassian SSO Configuration

Warning
Prerequisite: Activate Atlassian Guard
  1. Go to Atlassian Admin.
  2. Click on Security.

  1. Verify your domain.
  2. Click on Connect your Identity Provider and subscribe to Atlassian Guard if not done yet.


Step 2 – Configure Atlassian with Multi-Pass (IdP)

  1. Click on Set up SAML single sign-on.

  1. Select Other Provider.

  1. Enter a name (e.g., multipass) for the configuration.

  1. Click Next.

Step 3 - Collect x.509 Certificate from Multi-Pass

  1. Access Multi-Pass Dashboard

  1. In the Advanced Console, go to Realm Settings.
  2. Click on the Keys tab.
  3. On the RS256 line, click Certificate.
  4. Copy the certificate.

  1. Paste it into Atlassian, wrapped with:
-----BEGIN CERTIFICATE-----
(your certificate here)
-----END CERTIFICATE-----


Step 4 - Atlassian → Fields to Complete

  1. Complete the different fields according to the informations below : 
FieldValue
Identity Provider Entity IDhttps://ca.auth.kzero.com/realms/<TENANT_NAME>
Identity Provider SSO URLhttps://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml
Public x.509 CertificatePaste the x.509 certificate as shown above


  1. Click Next to proceed.



Step 5 - Switch to Multi-Pass Configuration

  1. Go back to the Advanced Console
  2. Click on Clients > Create Client.

  1. Fill in the following:
FieldValue
Client TypeSAML
Client IDService Provider Entity URL (provided by Atlassian)
Namee.g. Atlassian
Descriptione.g. Test SSO
Always Display in UION
  1. Click Next, then complete:
FieldValue
Home URLhttps://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml/clients/<APP_NAME>
Valid Redirect URIsAssertion Consumer Service URL from Atlassian
IDP-Initiated SSO URL name<APP_NAME> (e.g. atlassian)
  1. Scroll down to the SAML Settings section and make sure : 
SettingValue
Name ID Formatemail
Force Name ID FormatON
Sign DocumentsOFF
Sign AssertionsON
  1. Move to the Keys tab and verify both are OFF.
  2. Go to the Advanced tab:
FieldValue
Assertion Consumer Service POST Binding URLSame as Valid Redirect URIs
  1. Click SAVE


 Step 6 - Finalize Atlassian Configuration

  1. Back in Atlassian, click Next.
  2. Link the configuration to the verified domain.

  1. Choose whether to configure automatic provisioning.
  2. Click Save.
  3. Enable SSO for Users
    1. Create groups in Atlassian.
    2. Assign the SSO policy to selected products (e.g., Jira, Confluence…).

You can now log in passwordless using Multi-Pass!


    • Related Articles

    • Wrike - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Wrike using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • Intercom - SSO configuration

      Valid redirect URIs Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This ...

    • Lusha - SSO configuration

      Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...

    • Huntress - SSO configuration

      This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Huntress using MPAS. SSO simplifies user authentication by allowing access to multiple ...

    • FortiClient / FortiGate - SSO Configuration

      Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...