Single Sign On For Porsche Informatik
miniOrange + Porsche Informatik
miniOrange OAuth/OIDC apps: SSO support for multiple Identities in Atlassian applications
Use Case – Configure SSO for LDAP and custom OAuth provider in Jira and Confluence
Porsche Informatik provides software development and IT services for Porsche Holding Salzburg and Volkswagen Group.
Porsche Informatik was looking for a product that would allow users to log in from LDAP Directory and their OAuth Provider parallelly with seamless integration in Atlassian applications like Jira and Confluence. This configuration required two different login flows which could be setup with multiple SSO applications in Jira and Confluence using miniOrange OAuth/OIDC SSO Add-ons.
Solutions We Provided to Porsche Informatik
We configured Single Sign-On between Porsche Informatik's OAuth Server and Atlassian application (e.g. Jira) using OAuth/OIDC SSO Add-On.
OAuth/OIDC Add-ons has a provision to configure more than one SSO application. However, for users to have better SSO experience in Atlassian applications, Redirection rules were configured in OAuth/OIDC add-ons. It helped control which users see the login page versus which use SSO to login into the application. This can be managed using different parameters such as group or directory of the user. In this case, users were differentiated based on the groups. The groups belonging to LDAP were allotted one rule and another one was allotted for the OAuth provider. User groups are matched with the configured rules at the time of login and redirect accordingly to LDAP or OAuth provider.
miniOrange successfully implemented the solution as per Porsche Informatik's requirement i.e. “SSO support for multiple Identities in Atlassian applications”.
Key benefits of the solution to Porsche Informatik
- Give employees a smooth, secure and passwordless login experience across platforms, and devices.
- Multiple OAuth/OIDC Apps setup allows SSO configurations for multiple user identities. e.g. OAuth provider, Crowd, LDAP etc.
- Redirection rules simplify user login experience for multiple OAuth/OIDC SSO applications.
Benefits of using the miniOrange OAuth/OIDC Apps
SSO in any application is challenging with Multiple User Stores. Keeping End user’s login experience hassle-free is one of the important aspects of SSO. It is achieved through the miniOrange OAuth/OIDC SSO addons for Atlassian applications through the support of SSO for multiple OAuth Providers.
- Replace the Existing Atlassian Login with SSO allowing users to authenticate using their existing LDAP or OAuth provider credentials.
- Multiple SSO Connections Seamlessly manage and connect multiple user stores with the Atlassian application.
- Strengthen Security Enhance the Security by enforcing SSO to all users.
How does it work?
Connect Jira and Confluence With OAuth Provider and LDAP at the same time
The user will be prompted to enter their username. Users are differentiated based on their groups stored in Atlassian application. Based on the user groups identified and configured in Redirection Rules, the user will be redirected to the particular user store.
Map the Subgroups of Custom OAuth Providers in Atlassian applications
The group response from the OAuth provider contains groups and their subgroups. This was a different kind of response from the standard group response which only has groups. We made changes accordingly and mapped the received group array with Jira groups. Similarly, for Confluence we mapped the received subgroups with Confluence groups.
OAuth/OpenID SSO apps gives the ability to enable OAuth/OpenID/OIDC Connect Single Sign-On for all Atlassian applications likeJira, Confluence, Bitbucket, Bamboo, Fisheye. OAuth/OpenID/OIDC Connect SSO app supports all known providers along with custom providers such asGoogle, Discord, GitLab, GitHub, Meetup, ADFS, Azure AD, Microsoft, Slack, Keycloak, AWS Cognito, OKTA and Salesforce.
ack, Keycloak, AWS Cognito, OKTA and Salesforce.
For Porsche Informatik, our product proved to be the best. What about you? If you don’t find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387 to find an answer to your question about Single Sign-On(SSO).