The following table details the required and optional attributes to be configured in the assertion attribute contract.
Attribute Name Description Required / Optional

SAML_SUBJECT

Username

Required

Note:

A predefined application exists in the application catalog for use with Atlassian Cloud, it is recommended that this is used for Atlassian Cloud integrations.

  1. Create a PingOne for Enterprise application for Jira/Confluence on premise.
    Note:

    The following configuration is untested and is provided as an example. Additional steps might be required.

    1. Sign on to the Atlassian application as an administrator and go to Administration > System > SAML Authentication.
    2. Select SAML Single Sign On and note the Audience URL (Entity ID) and Assertion Consumer Service URL values.
    3. Download the signing certificate.
    4. Sign on to PingOne for Enterprise and click Applications.
    5. On the SAML tab, click Add Application.
    6. Click New SAML Application.
      Screen capture of PingOne for Enterprise SAML Application table. Below, the Add Application button drops down and the New SAML Application option is highlighted in red.
    7. In the Application Details section, enter the following:
      • A suitable application name, such as Confluence.
      • A suitable description.
      • A suitable category, such as Information Technology.
      • (Optional) Upload an icon to be used in the PingOne for Enterprise dock.
      Screen capture of PingOne for Enterprise Application Details with the fields for Application Name, Application Description, and Category drop down list all asterisked and Graphics as an optional field.
    8. Click Continue to Next Step.
    9. Select I have the SAML configuration.
    10. In the Signing Certificate list, select a suitable signing certificate.
    11. For Protocol Version, click SAML v.2.0.
    12. In the Assertion Consumer Service (ACS) field, enter the ACS value from the Atlassian single sign-on settings.
    13. In the Entity ID field, enter the Entity ID value from the Atlassian single sign-on settings.
    14. For Primary Verification Certificate, select the signing certificate that you downloaded.
      Screen capture of PingOne for Enterprise Signing Certificate section with PingOne for Enterprise Account Origination Certificate (2021) selected from the drop down list.
    15. Click Continue to Next Step.
    16. In the SSO Attribute Mapping section, add the following mapping for the SAML_SUBJECT:
      1. For Identity Bridge Attribute or Literal Value, select the appropriate attribute. This should match the username for the user in the application.
      2. Select the Required check box.
      Screen capture of PingOne for Enterprise SSO Attribute Mapping section with SAML_SUBJECT input as the Application Attribute.
    17. Click Continue to Next Step.
    18. Add the user groups for the application.
    19. Click Continue to Next Step.
    20. Review the settings.
      Screen capture of PingOne for Enterprise application connection test page.
    21. Copy the Single Sign-On (SSO) URL value to a temporary location.
      This is the IdP-initiated SSO URL that you can use for testing.
    22. Note the idpid and Issues values.
    23. On the Signing Certificate line, click Download.
      You'll use this for the application configuration.
    24. On the SAML Metadata line, click Download.
      You'll use this for the application configuration.
    25. Click Finish.
  2. Configure the PingOne for Enterprise IdP Connection for Jira/Confluence on-premise:
    1. Sign on to the Atlassian application as an administrator.
    2. Go to Administration > System > SAML Authentication.
    3. Select SAML Single Sign On.
    4. Configure the following.
      Setting Value

      Single sign-on issuer

      The issuer from PingOne for Enterprise application details noted earlier.

      Identity provider single sign-on URL

      Enter the Single Sign-On Service URL in the following form, using the idpid previously noted. https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<idpid>

      Alternatively, you can retrieve the URL from the metadata that you downloaded.

      X509 Certificate

      Upload the PingOne for Enterprise signing public certificate that you downloaded.

      Login Mode

      Choose whether SAML is your primary or secondary authentication.

Configuration is complete.