How to connect Confluence Data Center with Azure SAML SSO
Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.
In order to use SSO for Atlassian Server and Data Center to authenticate against Microsoft's Azure AD, we need to create an Enterprise Application in the Azure management console. In this article, we'll use the pre-set Confluence SAML SSO by Microsoft from the Azure library.
- Confluence 6.1+
- Azure Active Directory
- Access your Azure Active Directory and select Enterprise applications
- Select New application and find "Confluence SAML SSO by Microsoft" from the gallery
- Enter a name for your application and click Add. You should see your new application like this:
- Now we'll get some information from Confluence. Log in to Confluence Data Center with an admin account and go to General Configuration > SSO 2.0.
- Scroll down until you see the following lines. Copy and save them to use in the Azure portal:
- Back in Azure, open your Enterprise Application, select 2. Set up single sign on, then choose SAML.
Click to edit the Basic SAML Configuration fields and use the information copied from Confluence.
| Azure | Confluence |
| --- | --- |
| Identifier (Entity ID) | Audience URL (Entity ID) |
| Reply URL (Assertion Consumer Service URL) | Assertion Consumer Service URL |
| Sign on URL | Assertion Consumer Service URL |
- Still in the Azure SAML settings, download the Certificate (Base64 encoding) and copy the Login URL and Azure AD Identifier
Go back to the Confluence SSO 2.0 screen and use the information copied from Azure. Click Save configuration when finished.
| Azure | Confluence |
| --- | --- |
| Login URL | Identity provider single sign-on URL |
| Azure AD Identifier | Single sign-on issuer |
| Certificate (Base64) | X.509 Certificate |
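The values copied between the two consoles can be sanity-checked offline before saving, since the pasted certificate becomes the trust anchor for SAML signatures and a truncated paste or a plain-http URL is easy to miss. This is an added example, not code from Atlassian or Microsoft; the dictionary keys, hostnames, tenant ID and stand-in certificate are constructed, and it assumes both Confluence URLs are on the same Confluence host.

```python
import base64, hashlib, re
from urllib.parse import urlsplit

def cert_thumbprints(pem):
    """Decode the Certificate (Base64) download and fingerprint its DER bytes."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("missing BEGIN/END CERTIFICATE markers")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    # A certificate is a single ASN.1 SEQUENCE whose declared length must span
    # the whole blob; a mismatch means the paste was truncated or padded.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0          # long-form length bytes
    body = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + body != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

def preflight(confluence, azure):
    """Return a list of problems with the values copied between the two consoles."""
    problems = []
    urls = {"Audience URL": confluence["audience_url"],
            "Assertion Consumer Service URL": confluence["acs_url"],
            "Login URL": azure["login_url"]}
    for name, value in urls.items():
        u = urlsplit(value)
        if value != value.strip() or u.scheme != "https" or not u.hostname:
            problems.append(f"{name}: expected a clean absolute https URL")
    # Assumption: both Confluence values are derived from the same base URL.
    if urlsplit(confluence["audience_url"]).hostname != urlsplit(confluence["acs_url"]).hostname:
        problems.append("Audience URL and Assertion Consumer Service URL use different hosts")
    if not azure["identifier"].strip():
        problems.append("Azure AD Identifier (Single sign-on issuer) is empty")
    try:
        cert_thumbprints(azure["certificate"])
    except ValueError as exc:
        problems.append(f"X.509 Certificate: {exc}")
    return problems

# Constructed sample values; the certificate is a stand-in with valid DER framing only.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"\x30\x82\x01\x00" + bytes(256)).decode()
              + "-----END CERTIFICATE-----\n")
CONFLUENCE = {"audience_url": "https://confluence.example.com",
              "acs_url": "https://confluence.example.com/plugins/servlet/samlconsumer"}
AZURE = {"login_url": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2",
         "identifier": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
         "certificate": SAMPLE_PEM}
```

Compare the `sha1` value returned by `cert_thumbprints` with the thumbprint Azure displays for the SAML signing certificate to confirm that the file pasted into Confluence is the one Azure issued.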
- To test the authentication, you can use a link like this (it will redirect you to the Azure login screen and then back to Confluence if the authentication is successful):