If you only want to use the Atlassian Cloud Provisioner for provisioning, skip these steps.

Tip: You can follow these steps to create a new SP connection, or you can modify an existing connection.
  1. In the PingFederate administrator console, create a new SP connection:
    • For PingFederate 10.1 or later: go to Applications > Integration > SP Connections. Click Create Connection.
    • For PingFederate 10.0 or earlier: go to Identity Provider > SP Connections. Click Create Connection.
  2. Configure an SP connection with the Atlassian Cloud quick connection template.
    1. On the Connection Template tab, select Use a template for this connection.
    2. From the Connection Template list, select Atlassian Provisioner. Click Next.
    3. On the Metadata File row, upload the atlassian-saml-metadata.xml file. Click Next.
    4. On the Connection Type tab, click Next.
    5. On the General Info tab, click Next.
  3. On the Connection Type tab, select Browser SSO Profiles and clear any unwanted types. Click Next.
  4. On the General Info tab, complete the following fields. The rest of the connection information is populated by the metadata XML file. Click Next.
    1. In the Partner's Entity ID field, enter the SP Entity IDthat you noted in Enabling single sign-on in Atlassian.
    2. In the Base URL field, enter the base URL that you noted in Getting an Atlassian API key.
  5. On the Browser SSO tab, configure browser SSO.

    For a complete guide, see Configure IdP Browser SSO in the PingFederate documentation.

    1. On the Browser SSO > SAML Profiles tab, select the IdP-Initiated and SP-Initiated check boxes.
    2. On the Browser SSO > Protocol Settings > Assertion Consumer Service tab, from the Binding list, select POST. In the Endpoint URL field, enter the SP Assertion Consumer Service URL that you noted in Enabling single sign-on in Atlassian. Click Add.
    3. On the Browser SSO > Protocol Settings > Assertion Creation > Attribute Contract tab, for SAML_SUBJECT, from the Subject Name Format list, select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress.
  6. On the Credentials tab, configure the connection credentials. Click Next.

    For a complete guide, see Configure credentials in the PingFederate documentation.

  7. On the Outbound Provisioning tab, configure the provisioning target and channel as shown in Configure outbound provisioning in the PingFederate documentation.
  8. On the Activation and Summary tab, above the Summary section, click the toggle to turn on the connection. Click Save.