SAML Single Sign On and Provisioning for Service Desk Customers

Still need help?

The Atlassian Community is here for you.

Ask the community

Atlassian uses a centralised identity service over at There, an end user can have a single Atlassian account identified by a unique email address. That single account is used to gain access into different sites and services in cloud.

Atlassian Access allows organizations to claim ownership of those Atlassian Accounts in that centralised identity service. When the company's domain is claimed in Atlassian cloud, you effectively take ownership of all Atlassian Accounts with an email address under that domain. You can then perform account management for your company accounts and later on implement additional security features such as SSO.

Customers in Jira Service Desk

Customers are users submitting requests in Jira Service Desk who are free and unlimited. They are essentially any user in Jira Service Desk who is not an agent. For example, you can add a Jira Software to any Jira Service Desk project as a customer. A user who has no application access is also considered a customer.

Sometimes Org Admins have a requirement for their Provisioned users to be automatically added to the Service Desk Projects as Customers and these customers (from the Managed domain) are required to login using SAML SSO. 

To achieve this first make sure that for the site linked to this org, you have the New users have access to this product option in Product Access disabled so that all the new users that are provisioned from Azure do not use up a service desk license:

If you have two different groups synced from the Azure, one for customers and another for agents, you can add the group of agents under the Jira service desk application. No changes are required for the customer's group here as they do not require a license to access the service desk portal.

Next, for the service desk project in which these users should be added as a customer, go to Project Settings > People section. Here for the customer's group synced from Azure, add the group to the Service Desk Customer role:

Once added the users should start appearing in the Project > Customers page successfully. 

Also, since these Customers will have their Atlassian Accounts created, these customers will be redirected to SAML SSO for login

Last modified on Oct 8, 2020

Was this helpful?

Provide feedback about this article
Powered by Confluence and Scroll Viewport.