PingOne for Enterprise

Adding Atlassian Cloud to Your PingOne for Enterprise Dock

Add the Atlassian Cloud application to your PingOne for Enterprise dock from the application catalog.

Steps

  1. In the PingOne for Enterprise admin console, go to Applications → Application Catalog.

  2. Optional: In the Search field, search for the application.

  3. Click the Atlassian Cloud application line to expand it and click Setup.

  4. On the SSO Instructions tab, click Download to download the signing certificate.

  5. Sign on to Atlassian Cloud as an administrator

  6. Go to Security → SAML Single Sign-On

  7. Copy the ACS URL and Entity ID values.

Next steps

In PingOne for Enterprise, click Continue to Next Step.

Atlassian Cloud Connection Configuration

Steps

  1. Import the metadata for Atlassian Cloud,

    Choose from:

    • Click Select File to upload the metadata file.

    • Click Or use URL to enter the URL of the metadata.

  2. In the ACS URL field, enter the assertion consumer service (ACS) URL.

  3. In the Entity ID field, enter the Entity ID.

  4. In the Target Resource field, enter a URL to redirect the user to after IdP-initiated single sign-on (SSO).

    The default URL is pre-populated, and should work for most Atlassian Cloud connections.

  5. In the Single Logout Endpoint field, enter a URL for PingOne for Enterprise to send single logout (SLO) requests to.

  6. In the Single Logout Response Endpoint field, enter a URL for PingOne for Enterprise to send SLO responses to.

  7. On the Primary Verification Certificate line, click Browse to locate and upload a local certificate file used to verify SLO requests and responses.

  8. On the Secondary Verification Certificate line, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.

  9. Select the Force Re-authentication check box to require your identity bridge to re-authenticate users with an active SSO session.

  10. Select the Encrypt Assertion box to encrypt outgoing SAML assertions.

  11. On the Signing line:

    Choose from:

    • Click Sign Assertion to have PingOne for Enterprise sign outgoing SAML assertions. This is the default option.

    • Click Sign Response to have PingOne for Enterprise sign responses to incoming SAML assertions.

  12. In the Signing Algorithm list, select an algorithm with which to sign SAML assertions.

  13. Select the Use Custom URLcheck box to enter a customer URL to launch Atlassian Cloud from the dock.

  14. Select the Set Up Provisioning check box to configure provisioning to Atlassian Cloud.

Next steps

Click Continue to Next Step.

Atlassian Cloud Provisioning

About this task

If you don’t need to set up user provisioning, proceed to Atlassian Cloud Attribute Mapping.

If you selected Set Up Provisioning on the Connection configuration tab:

Steps

{In Atlassian Cloud}

  1. In Atlassian Cloud, go to Directory → User Provisioning.

  2. Click Create a Directory.

  3. In the Directory field, enter a name for your directory.

  4. Copy your Directory Base URL and API Key.

{In PingOne for Enterprise}

  1. Click Continue to Next Step.

  2. In the DIRECTORY_BASE_URL field, enter the directory base URL.

  3. In the API_KEY field, enter your API key.

  4. In the REMOVE_ACTION list, select one of the following options:

    Choose from:

    • If you select Disable, a user you disable or delete in PingOne for Enterprise will be disabled in Atlassian Cloud.

    • If you select Delete, a user you disable or delete in PingOne for Enterprise will be deleted in Atlassian Cloud.

Next steps

Click Continue to Next Step.

Atlassian Cloud Attribute Mapping

About this task

For Atlassian Cloud, the required attribute is SAML_SUBJECT.

If you want to add additional attributes, Atlassian Cloud supports provisioning for standard System for Cross-domain Identity Management (SCIM) attributes. For a list of SCIM attributes, see Supported attributes reference.

Steps

  1. To add an additional optional attribute, click Add new attribute.

  2. In the Application Attribute field, enter the attribute name as it appears in the application.

  3. For custom attributes, select the Provisioning check box.

  4. In the Identity Bridge Attribute or Literal Value field, choose one of the following:

    Choose from:

    • Enter or select a directory attribute to map to the application attribute.

    • Select As Literal, then enter a literal value to assign to the application attribute.

  5. To create advanced attribute mappings, click Advanced.

    For more information, see Create advanced attribute mappings.

Next steps

Click Continue to Next Step.

Atlassian Cloud Customization

Steps

  • To change the application icon, click Select image and upload a local image file.

    The image file must be:

    • PNG, GIF, or JPG format

    • 312 x 52 pixels maximum

    • 2 MB maximum file size

      Images are scaled to 64 x 64 pixels for display.

  • To change the name of the application displayed on the dock, in the Name field, enter a new name.

  • To change the description of the application, in the Description field, enter the new description text.

  • To change the category to which the application is assigned on the dock, in the Category list, select a category.

    For information about creating custom application categories, see Creating a custom application category.

Next steps

Click Continue to Next Step.

Atlassian Cloud Group Access

About this task

The Group Access tab shows every user group that you have created.

For more information about creating user groups, see Add user groups.

Steps

  • To add a group’s access to the application, on the line for that group, click Add.

  • To remove a group’s access, on the line for that group, click Remove.

  • When you’re finished assigning groups, click Continue to Next Step.

Atlassian Cloud SAML connection

Steps

  1. In PingOne for Enterprise, on the Review Setup tab, click Download to download the signing certificate.

  2. Copy the Issuer and idpid values.

  3. Click Finish to add Atlassian Cloud to your PingOne for Enterprise Dock.

  4. In Atlassian Cloud, go to Security → Identity providers and select your PingOne for Enterprise Directory.

  5. Click Set up SAML single sign-on.

  6. Enter your configuration information.

    1. In the Identity provider Entity ID field, enter the Issuer value.

    2. In the Identity provider SSO URL field, enter https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<your idpid>, where <your idpid> is the idpid value.

    3. In the Public x509 Certificate field, paste the text of the signing certificate you downloaded, including the ----BEGIN CERTIFICATE---- line.

  7. Click Save SAML configuration to activate the connection to PingOne for Enterprise.