Authorizing identities for external users like partners, customers and suppliers, also maintaining control over what they can access is a tedious task and needs efficient technical support. Several users log into Starbucks’ service portal daily, which includes their external customers and internal employees of the organization. For managing these users, they wanted an easy and secure way to categorize them as internal and external users.
Use case: External user management through Single Sign-On
Starbucks was looking for a product that can differentiate between internal and external users at the time of Single Sign-On (SSO). There is no such product available in the Atlassian marketplace.
Being our existing client, Starbucks contacted us with the query of assigning different privileges to external users and their internal employees at the time of Single Sign-On.
The Solution We Provided:
With miniOrange Jira SAML plugin, this case was solved by assigning different default groups to internal and external users. These groups in Jira would eventually control the permissions and privileges provided to these users.
To differentiate the internal user from the external user, the plugin uses the domain of their email address. The administrator can assign different default groups to different domains. When a user logs into the Starbucks service portal, based on the domains configured, the plugin decides if the user is internal or external. Based on this domain, they will be assigned to their respective default groups. Therefore, managing users becomes easy and different user permissions can be assigned to users based on their groups.
How It Works:
- The system administrator sets up Single Sign-On for all users and provides the list of the internal email domains.
- Other than configured domains, all other domains are treated as external user domain.
- User groups for internal and external users are created by the administrator in Jira (Such groups can be given different access privileges for using the system).
- User tries to login into the system. After successful authentication of the user, the email domain of the user is identified to check whether the user is an internal user of the organization or external user depending on which the respective group is assigned to the user.
- Managing user groups: Segregation of internal and external users based on email domain allows user and group management.
- Cost-effective: No need to buy different User Group Management plugin for managing the user groups.
- Saves time: Groups are automatically assigned to users based on their email domain at the time of SSO.
Click here for a free trial of Jira SAML SSO.
Click here to learn how to set up SAML SSO between miniOrange and Jira.
Click here to learn more about miniOrange Jira SAML SSO plugin.
If you don’t find what you are looking for, please contact us at firstname.lastname@example.org or call us at +1 978 658 9387 to find an answer to your question about Single Sign-On (SSO).