How to connect Confluence Data Center with Azure SAML SSO

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Summary

In order to use SSO for Atlassian Server and Data Center to authenticate against Microsoft's Azure AD, we need to create an Enterprise Application in the Azure management console. In this article, we'll use the pre-set Confluence SAML SSO by Microsoft from the Azure library.

Environment

  • Confluence 6.1+
  • Azure Active Directory

Solution

  1. Access your Azure Active Directory and select Enterprise applications
  2. Select New application and find "Confluence SAML SSO by Microsoft" from the gallery
  3. Create a name to your application and click Add. You should see your new application like this:
  4. Now we'll get some information from Confluence. Login your Confluence Data Center using an Admin account and head to General Configuration > SSO 2.0.
  5. Scroll down until you see the following lines. Copy and save them to use in the Azure portal:
  6. Back in Azure, open your Enterprise Application, select 2. Set up single sign on, then choose SAML.

  7. Click to edit the Basic SAML Configuration fields and use the information copied from Confluence.

    Azure

    Confluence

    Identifier (Entity ID)

    Audience URL (Entity ID)

    Reply URL (Assertion Consumer Service URL)

    Assertion Consumer Service URL

    Sign on URLAssertion Consumer Service URL



  8. Still in the Azure SAML settings, download the Certificate (Base64 encoding) and copy the Login URL and Azure AD Identifier
  9. Go back to the Confluence SSO 2.0 screen and use the information copied from Azure. Click Save configuration when finished.

    AzureConfluence
    Login URLIdentity provider single sign-on URL
    Azure AD IdentifierSingle sign-on issuer
    Certificate (Base64)X.509 Certificate


  10. To test the authentication, you can use a link like this (it will redirect you to the Azure login screen and then back to Confluence if the authentication is successful):
  • https://<base-url>/plugins/servlet/external-login


Last modified on Mar 5, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.