Creating a single sign-on connection
To allow PingFederate to act as an identity provider for Atlassian Cloud, create a service provider (SP) connection.
About this task
If you only want to use the Atlassian Cloud Provisioner for provisioning, skip these steps.
You can follow these steps to create a new SP connection, or you can modify an existing connection.
Steps
- In the PingFederate administrator console, create a new SP connection:
  Choose from:
  - For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.
  - For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.
- Configure an SP connection with the Atlassian Cloud quick connection template:
  - On the Connection Template tab, select Use a template for this connection.
  - From the Connection Template list, select Atlassian Provisioner. Click Next.
  - On the Metadata File row, upload the atlassian-saml-metadata.xml file. Click Next.
  - On the Connection Type tab, click Next.
  - On the General Info tab, click Next.
- On the Connection Type tab, select Browser SSO Profiles and clear any unwanted types. Click Next.
- On the General Info tab, complete the following fields. The rest of the connection information is populated by the metadata XML file. Click Next.
  - In the Partner’s Entity ID field, enter the SP Entity ID that you noted in Enabling single sign-on in Atlassian.
  - In the Base URL field, enter the base URL that you noted in Getting an Atlassian API key.
- On the Browser SSO tab, configure browser SSO:
  You can find a complete guide in Configure IdP Browser SSO in the PingFederate documentation.
  - On the Browser SSO > SAML Profiles tab, select the IdP-Initiated and SP-Initiated checkboxes.
  - On the Browser SSO > Protocol Settings > Assertion Consumer Service tab, in the Binding list, select POST. In the Endpoint URL field, enter the SP Assertion Consumer Service URL that you noted in Enabling single sign-on in Atlassian. Click Add.
  - On the Browser SSO > Protocol Settings > Assertion Creation > Attribute Contract tab, for SAML_SUBJECT, in the Subject Name Format list, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
- On the Credentials tab, configure the connection credentials. Click Next.
  You can find a complete guide in Configure credentials in the PingFederate documentation.
- On the Outbound Provisioning tab, configure the provisioning target and channel as shown in Configuring outbound provisioning in the PingFederate documentation.
- On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.
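Before activating the connection, it helps to confirm that the Entity ID and Assertion Consumer Service URL you typed match what the uploaded metadata file declares. The following is an added example, not code from Ping Identity or Atlassian: the function names are hypothetical, the embedded metadata is a constructed sample with placeholder values, and it assumes you run it only against the metadata file you downloaded from your own Atlassian organization.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample standing in for atlassian-saml-metadata.xml; the entity ID
# and endpoint are placeholders, not real Atlassian values.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/ENTITY-ID-PLACEHOLDER">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs/ENTITY-ID-PLACEHOLDER"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def read_sp_metadata(xml_text):
    """Extract the SP values that the connection steps ask you to enter."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    return {
        "entity_id": root.get("entityID"),
        "acs": [(a.get("Binding"), a.get("Location"))
                for a in sp.findall("md:AssertionConsumerService", NS)],
        "nameid_formats": [n.text.strip()
                           for n in sp.findall("md:NameIDFormat", NS) if n.text],
    }

def check_connection(meta, entity_id, acs_url):
    """Compare the values you noted with the metadata; return a list of problems."""
    problems = []
    if meta["entity_id"] != entity_id:
        problems.append("Partner's Entity ID does not match the metadata entityID")
    if (POST_BINDING, acs_url) not in meta["acs"]:
        problems.append("ACS URL is not declared as a POST endpoint in the metadata")
    if not acs_url.startswith("https://"):
        problems.append("ACS URL is not HTTPS")
    if meta["nameid_formats"] and EMAIL_NAMEID not in meta["nameid_formats"]:
        problems.append("metadata does not list the emailAddress NameID format")
    return problems

if __name__ == "__main__":
    meta = read_sp_metadata(SAMPLE_METADATA)
    for p in check_connection(meta, meta["entity_id"], meta["acs"][0][1]) or ["OK"]:
        print(p)
```

An assertion delivered to an endpoint that the metadata does not declare, or over plain HTTP, is the misconfiguration this check is meant to catch before the connection is switched on.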