SSO for JSM Customers using Azure B2C as OAuth Provider



Our SAML/OAuth SSO for JSM Customers app integrates OAuth/OpenID Single Sign-On into the JSM customer portal and is compatible with all OAuth/OpenID Providers. This guide outlines the steps for configuring SSO between the JSM customer portal and your OAuth/OpenID Provider. Once configured, customers authenticate with your OAuth/OpenID Provider before they can access the JSM customer portal. This integration gives customers a smooth experience while also mitigating spam tickets.


Download And Installation

  • Log into your Jira instance as an admin.
  • Navigate to Settings and click on Apps.
  • Locate SAML/OAuth SSO for JSM Customers.
  • Click on Free trial to begin a new trial of SAML/OAuth SSO for JSM Customers.
  • On the menu bar, click on Apps and locate SAML/OAuth SSO for JSM Customers.

Step 1: Setup Azure B2C as OAuth Provider

  • To perform SSO with Azure B2C as the Provider, your application must be HTTPS-enabled.
  • Sign in to Azure portal.
  • Go to Home and in the Azure services, select Azure AD B2C.
  • Make sure you are in the Azure AD B2C directory with an active subscription. If not, switch to the correct directory.
  • In the Essentials tab, you will find the Azure B2C domain name. Keep it handy; you will need it later to configure the Azure B2C tenant name in the plugin.
  • Now, click on App registrations and then click on the New registration option to create a new Azure B2C application.
  • Configure the following options to create a new application.
    • Enter a name for your application under the Name text field.
    • In Supported account types, select the third option, ‘Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)’.
    • In the Redirect URI section, select Web as the application type, enter the Callback URL from the plugin in the Redirect URL textbox, and save it.
    • Click on the Register button to create your application.
  • After successful application creation, you will be redirected to the newly created application’s overview page. If not, you can go to the app registrations and search the name of your application and you will find your application in the list.
  • Copy your Application ID and keep it handy.
  • Now, click on Certificates and secrets and then click on New Client Secret to generate a Client Secret. Enter a description and click on the Add button.
  • Copy the secret value from the Certificates & secrets page and keep it handy.

Step 1.1: Add Users in your B2C application

  • On the home page, go to the Users tab in the left corner.
  • Click on New user on the Users page. Then click on the Create new user option.
  • Select Create Azure AD B2C user. Then scroll down, click on Email as the sign-in method, set your password, and click Create to save the user details for the test connection.

Step 2: Setup JSM as OAuth Client

  • Go to Manage Apps, click Getting started under SSO Integration with Helpdesk, then click on Add New Identity Provider.
  • Select OAuth/OIDC and click on the next button.
  • Select Azure B2C from the Selected Application dropdown menu.
  • Enter the copied Client ID, Client Secret, and Tenant ID.
  • Add https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/logout?p={APP_NAME} as the logout endpoint. This endpoint logs you out of Azure B2C when you log out of JSM.
  • Scope is required. Configure Scope as openid.
  • Enter the JWKS Endpoint URL or Public Key for signature validation.
    E.g. https://login.microsoftonline.com/common/discovery/keys
  • Click on the Save button, then use Test connection to verify the entered details.

Step 3: User Attribute Mapping

  • Once you see all the values in Test connection, go to User Attribute Mapping. Map attributes like Email, firstname, lastname, etc. Click on Save.

Step 4: Integrate Atlassian HelpDesk with JSM SSO

  • Navigate to the Jira Configuration tab. Click on Configure API Token and configure the Service Account API token with the email.
  • It is necessary to have admin permissions for the service account.
  • After the API token is configured successfully, all the service desk projects are displayed with their respective links. Customers use these substitute links to access particular projects with SSO.
  • Copy any of the substitute links you see for your portals and try accessing it in a private browser window. You will be automatically redirected to your Identity Provider for authentication and will be allowed access to the portal only after successful authentication.
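
The redirect described in the last step can be checked against the values configured in Steps 1 and 2. The following is an added example, not code from the plugin or from this guide: it parses the Location URL of that redirect and reports mismatches. The client ID, callback URL, authorize URL and function names are constructed placeholders, and the state check reflects general OAuth practice rather than anything this guide states about the plugin.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (placeholders, not from a real tenant or the plugin).
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CALLBACK = "https://helpdesk.example.test/callback"
AUTHORIZE = "https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize"


def sample_redirect(redirect_uri, scope, state=None):
    """Build a constructed Location value like the one the portal link returns."""
    query = {"client_id": CLIENT_ID, "response_type": "code",
             "redirect_uri": redirect_uri, "scope": scope}
    if state:
        query["state"] = state
    return AUTHORIZE + "?" + urlencode(query)


def check_authorize_redirect(location, client_id, callback_url):
    """Return a list of findings for the redirect to the identity provider."""
    findings = []
    target = urlsplit(location)
    params = {k: v[0] for k, v in parse_qs(target.query).items()}

    if target.scheme != "https":
        findings.append("authorization endpoint is not HTTPS")
    # The Application ID copied in Step 1 must be the one that is sent.
    if params.get("client_id") != client_id:
        findings.append("client_id does not match the Application ID")
    # redirect_uri must be the Callback URL registered as the Redirect URI.
    redirect_uri = params.get("redirect_uri", "")
    if redirect_uri != callback_url:
        findings.append("redirect_uri differs from the registered Callback URL")
    if urlsplit(redirect_uri).scheme != "https":
        findings.append("redirect_uri is not HTTPS")
    # Step 2: scope is required and must contain openid.
    if "openid" not in params.get("scope", "").split():
        findings.append("scope does not include openid")
    # General OAuth practice: state ties the response to this browser session.
    if not params.get("state"):
        findings.append("state parameter missing")
    return findings


if __name__ == "__main__":
    good = sample_redirect(CALLBACK, "openid", state="constructed-state")
    bad = sample_redirect("http://helpdesk.example.test/callback", "profile")
    print(check_authorize_redirect(good, CLIENT_ID, CALLBACK))
    print(check_authorize_redirect(bad, CLIENT_ID, CALLBACK))
```

An empty list means the redirect matches the registered values; each finding names the setting to revisit in the Azure app registration or the plugin configuration.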






If you don't find what you are looking for, please contact us at support-atlassian@miniorange.atlassian.net or raise a support ticket here.