Atlassian

Creating a single sign-on connection

To allow PingFederate to act as an identity provider for Atlassian Cloud, create a service provider (SP) connection.

About this task

If you only want to use the Atlassian Cloud Provisioner for provisioning, skip these steps.

You can follow these steps to create a new SP connection, or you can modify an existing connection.

Steps

  1. In the PingFederate administrator console, create a new SP connection:

    Choose from:

    • For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.

    • For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.

  2. Configure an SP connection with the Atlassian Cloud quick connection template:

    1. On the Connection Template tab, select Use a template for this connection.

    2. From the Connection Template list, select Atlassian Provisioner. Click Next.

    3. On the Metadata File row, upload the atlassian-saml-metadata.xml file. Click Next.

    4. On the Connection Type tab, click Next.

    5. On the General Info tab, click Next.

  3. On the Connection Type tab, select Browser SSO Profiles and clear any unwanted types. Click Next.

  4. On the General Info tab, complete the following fields. The rest of the connection information is populated by the metadata XML file. Click Next.

    1. In the Partner’s Entity ID field, enter the SP Entity ID that you noted in Enabling single sign-on in Atlassian.

    2. In the Base URL field, enter the base URL that you noted in Getting an Atlassian API key.

  5. On the Browser SSO tab, configure browser SSO:

    You can find a complete guide in Configure IdP Browser SSO in the PingFederate documentation.

    1. On the Browser SSO > SAML Profiles tab, select the IdP-Initiated and SP-Initiated checkboxes.

    2. On the Browser SSO > Protocol Settings > Assertion Consumer Service tab, in the Binding list, select POST. In the Endpoint URL field, enter the SP Assertion Consumer Service URL that you noted in Enabling single sign-on in Atlassian. Click Add.

    3. On the Browser SSO > Protocol Settings > Assertion Creation > Attribute Contract tab, for SAML_SUBJECT, in the Subject Name Format list, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.

  6. On the Credentials tab, configure the connection credentials. Click Next.

    You can find a complete guide in Configure credentials in the PingFederate documentation.

  7. On the Outbound Provisioning tab, configure the provisioning target and channel as shown in Configuring outbound provisioning in the PingFederate documentation.

  8. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.