User-authentication workflow


The old navigation will be removed from Jira Align in early 2024.
Learn more about the upcoming changes

This diagram illustrates how identity provider-initiated SAML 2.0 SSO works for the users of Jira Align:

  1. The user browses to the organization's portal and selects the option to go to Jira Align. In your organization, the portal is typically a function of your identity provider (IdP) that handles the exchange of trust between your organization and Jira Align. For example, in Active Directory Federation Services, the portal URL is: https://ADFSServiceName/adfs/ls/IdpInitiatedSignOn.aspx
  2. The portal verifies the user's identity in your organization.
  3. The IdP portal generates a SAML authentication response that includes assertions that identify the user and include attributes about the user. The portal sends this response to the client browser.
  4. The client browser posts the SAML assertion to Jira Align's single sign-on endpoint, for SaaS this is typically
  5. Jira Align will validate that both the SAML Response and the SAML assertion are signed and read the value for the NameID attribute from the SAML assertion to look up an existing Jira Align user by their email or their External ID field. If a matching user is found, the system will log them in. If no matching user is found or if the SAML validation fails, then Jira Align will display an error message with the cause of the failure.
Was this article helpful?
1 out of 1 found this helpful
Print Friendly Version of this pagePrint Get a PDF version of this webpagePDF

Join the Atlassian Community!

The Atlassian Community is a unique, highly collaborative space where customers and Atlassians come together. Ask questions and get answers, start discussions, and collaborate with thousands of other Jira Align customers. Visit the Jira Align Community Collection today.

Need to contact Jira Align Support? Please open a support request.