Atlassian SAML Handbook

1. Sign In Settings

  • Login Button Text: Label for the SSO Login button on the Application’s default login page.
  • Relay State URL: An absolute URL where the user will be redirected after SSO. If left blank, users will be redirected to the page they started with.
  • Auto Redirect to IDPIf enabled, users will not be able to access the application’s default login page. Whenever an unauthenticated user tries to access the application, they will be auto-redirected to the IDP for authentication.
    • Disable Anonymous access*: If enabled, public pages of the application(JIRA) will not be accessible without authentication.
    • Backdoor/Emergency URL: Backdoor/Emergency URL gives access to the Application’s default login page. This allows users to log in directly into the application using their local credentials. This will be useful in case the IDP is under maintenance or inaccessible.
    • Restrict Backdoor URL: Restrict backdoor URL for particular groups that are present in the application.
      1. Backdoor Groups: Group(s) of the user allows to access Backdoor URL for eg. jira-administrator, in this case only JIRA Administrators will be able to access the JIRA login page.
    • Enable Auto-Redirect Delay: Introduce a delay on the login page before the user gets redirected to the IDP for authentication. This lets the user to cancel the auto-redirection and allow him to log in with the application’s local credentials. Recommended for different sets of users using local and SSO to login and also for testing Auto-redirect functionality.
  • Secure Admin Login Options**
    • Login as admin only once during SSO: User’s admin session will be created on the first login. When the admin session expires, the administrator won’t be redirected to IDP. Instead, the admin login page will be shown.
    • Login administrator with user permission: User’s admin session will not be created on the first login. Additionally, the administrator will not be redirected to IDP on access to the administration console. Note: Use this only when the user already exists in the system or knows their account’s password.
    •  Redirect to IDP to access Admin functions:  User’s admin session will be created on the first login. Also, the user will always be redirected to IDP on the access of the admin console. Note: Please enable backdoor URL option and copy backdoor URLs mentioned above to login just in case a lock out situation occurs.

* This feature is available in JIRA SAML SSO plugin only.

** This feature is available in JIRA and Confluence SAML SSO plugin only.