Bypassing Okta to allow users to login to Jira locally.
Platform Notice: Cloud, Server, and Data Center - This article applies equally to all platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When Jira is configured with Okta, the redirection prevents users from locally authenticating.
Environment
Jira instances with the Okta Jira Authenticator installed.
Diagnosis
Users who try to login to Jira are redirected to Okta.
No users are able to login locally, even if the steps from Bypass SAML authentication for Jira Data Center are taken.
Cause
The users in question are not included in the users or groups within the okta-config-jira.xml file and therefore are being pushed to the Okta login page.
Okta in Jira operates with a combination of a jar file, plus two configuration files, that supersede Jira's normal login paths and Authentication Fallback Mechanisms.
These files and parameters are added to Jira manually by the Jira administrator in order to help facilitate login requests and send users to the correct login page.
Solution
Add the user, or group, to the okta-config-jira.xml file so that the users, who must use local authentication, are able to.
More information is available at Okta Jira Authenticator Configuration Guide and we recommend reaching out to the Okta team for further questions.