SSO settings

SSO, single sign-on, is a property of access control of multiple related but independent software systems. With this property, you can log in once and gain access to all systems without logging in again at each of them.

Note: You can connect your SSO provider with Atlassian Guard to create a single authentication solution for all of your Atlassian products. More about Atlassian Guard with Jira Align. 

To configure a stand-alone SSO provider with Jira Align:

1. Select the Settings gear in the top navigation bar.
2. On the left side of the page, select Platform in the Settings section.
3. Select the Security tab.
4. In the Authentication method setting, select SAML single sign-on (SSO).

The following SSO-specific settings will display:

• Disable Manual Sign In. Controls if the users can access the application by manually signing in through the login page or by using the SSO. The default value is set to No. When the manual sign in is disabled:
  • Such security settings as Minimum Password Length, Minimum Password Uppercase, Minimum Password Numeric Characters, and Temporary Links Expiration (Hours) are disabled.
  • The Resend Password link in user properties in User details on the people page and in a user’s profile is disabled.
  • Login page is not available for users.
  • Users created while the manual sign in is disabled do not receive a New User Setup email.
• SAML 2.0 Identity Providers. Allows you to use a SAML 2.0 Identity Provider to implement SSO. To add your SAML 2.0 Identity Provider, click Add SAML Provider, then copy and paste the SAML 2.0 Metadata XML. Under NameID Lookup By, select whether you want to use the Email or External ID field to authenticate Jira Align users by. User's External ID can be set on the Edit User page and synchronized through the external connectors. To save the information, click Save & Close. The SAML 2.0 Metadata will be validated and the entityID will be shown on the Configuration page. You can edit the SAML SSO configuration for the specific Identity Provider by clicking the pencil icon.
• Sign In URL. This option is only available when the manual sign in is disabled. Set this value to an identity provider-initiated SSO URL that you want to direct users to when they try to access Jira Align and are not signed in. Use the token %AC-URL% in the URL to include the Jira Align requested URL in the redirect.
• Sign Out URL. Set this value to a URL that you want to direct users to when they click Sign Out.
• Privacy Policy URL: Set this value to a URL that you want to direct users to for your organization's privacy policy information. The link to this URL will display as the Privacy Policy link at the bottom of the Help slide-out.