Configuring Okta IdP to use 'any' custom field as External ID for authentication with Jira Align

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community


Summary

Integrating Okta with Jira Align enables streamlined and secure Single Sign-On (SSO) capabilities, enhancing both user experience and security. A common customization within this integration involves using an external ID to authenticate users in Jira Align. This article outlines the steps to configure Okta for utilizing an external ID as part of the authentication process in a proof-of-concept model.

Before proceeding, ensure you have administrative access to both your Okta and Jira Align accounts. Familiarity with SAML concepts and configurations and the concept of external IDs will also be beneficial.

Solution

On Okta's side: 

  1. Create a New Attribute in Okta:

    • Navigate to the Profile Editor for Jira Align users in your Okta admin dashboard.
    • Create a new attribute to serve as the external ID (for example, extID).

  2. Map the New Attribute to User Profiles:

    • In the mapping section, specifically "Okta User to Jira Align," map the newly created attribute (extID) to the profile.

  3. Configure Application Username in Okta:

    • Within the Jira Align application settings in Okta, let the field "Name ID Format" as "Unspecified".
    •  Set the Application username to Custom.
    • Add the mapped attribute user.extID as the application username.

  4. Assign External IDs to Users in Okta:

    • Manually enter the desired value for the external ID (extID) for each user in Okta. This step is crucial for ensuring that the correct ID is passed to Jira Align during authentication.

Jira Align Configuration

  • Navigate to Settings > Platform > Security in Jira Align.


  • Ensure the external ID field in Jira Align matches the attribute you added in Okta.


  • Here's an example of how the SAML Response from Okta to Jira Align will be composed

Note: The ExternalID for authentication should be placed in the "Assertion" session of the SAML Response XML and not on the "Attributes" session.

Important Considerations

  • This configuration is a guideline and not an official recommendation from Atlassian. It's essential to proceed with caution and consult Okta support or an Okta specialist for a configuration that best fits your needs.
  • Atlassian does not provide support for identity provider (IdP) configurations. Any modifications or customizations made within your IDP, including Okta, are outside Atlassian's scope of support.
  • While this article outlines a method to use an external ID for authentication in Jira Align via Okta, it's crucial to understand the complexities involved. Engaging with Okta support or an Okta specialist is strongly advised for additional guidance or to explore alternative setup strategies.


Last modified on Feb 27, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.