Page created: 13 Apr 2020
|
Page updated: 8 Feb 2022
| 2 min read
Atlassian Other Documents Integrations Language English Integration Content Type Product documentation Audience Administrator
To allow PingFederate to act as an identity provider for Atlassian Cloud, create a service provider (SP) connection.
If you only want to use the Atlassian Cloud Provisioner for provisioning, skip these steps.
Tip: You can follow these steps to create a new SP connection, or you can
modify an existing connection.
-
In the PingFederate
administrator console, create a new SP connection:
- For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.
- For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.
-
Configure an SP connection with the Atlassian Cloud quick
connection template.
- On the Connection Template tab, select Use a template for this connection.
- From the Connection Template list, select Atlassian Provisioner. Click Next.
- On the Metadata File row, upload the atlassian-saml-metadata.xml file. Click Next.
- On the Connection Type tab, click Next.
- On the General Info tab, click Next.
- On the Connection Type tab, select Browser SSO Profiles and clear any unwanted types. Click Next.
-
On the General Info tab, complete the following fields. The
rest of the connection information is populated by the metadata XML file. Click
Next.
- In the Partner's Entity ID field, enter the SP Entity IDthat you noted in Enabling single sign-on in Atlassian.
- In the Base URL field, enter the base URL that you noted in Getting an Atlassian API key.
-
On the Browser SSO tab, configure browser SSO.
For a complete guide, see Configure IdP Browser SSO in the PingFederate documentation.
- On the Browser SSO > SAML Profiles tab, select the IdP-Initiated and SP-Initiated check boxes.
- On the Browser SSO > Protocol Settings > Assertion Consumer Service tab, from the Binding list, select POST. In the Endpoint URL field, enter the SP Assertion Consumer Service URL that you noted in Enabling single sign-on in Atlassian. Click Add.
- On the Browser SSO > Protocol Settings > Assertion Creation > Attribute Contract tab, for SAML_SUBJECT, from the Subject Name Format list, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
-
On the Credentials tab, configure the connection
credentials. Click Next.
For a complete guide, see Configure credentials in the PingFederate documentation.
- On the Outbound Provisioning tab, configure the provisioning target and channel as shown in Configure outbound provisioning in the PingFederate documentation.
- On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.