How to use Azure AD SSO SAML for Jira, when Jira is also already set up to use local AD

0

This tutorial is great and makes it easy to get set up with Azure AD integrated for Jira: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-jiramicrosoft-tutorial

The only problem with it is, as outlined it requires that the usernames are in email address form within Jira, and stored in the local Jira internal directory.

What if I want to leverage all the existing usernames and keep them using local AD but leverage Azure AD only as a redundancy?

When trying this setup and test logging in to Jira, it says "User is not available in JIRA. Please contact your JIRA admin." I think this is because it's trying to use the email address returned as the username in the SAML query as the username in Jira, but we're using just the straight up username from Active Directory, not the full email.

madamission

Posted 2018-06-13T20:35:02.810

Reputation: 561

Answers

0

Turns out to do this you only have to make one change. In the Azure portal, go to Azure AD and find the Jira SAML SSO app registration (this same thing would probably work for other SAML/SSO apps that have the same requirement).

In that app, click the link under 'Managed Application in local directory', then click 'Single Sign-on' to configure the SAML properties that are sent back. For the User Identifier, change it from its default of name.userprincipalname to the aptly named and convenient 'name.onpremisessamaccountname' and save your changes.

madamission

Posted 2018-06-13T20:35:02.810

Reputation: 561
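To confirm which form of identifier the IdP is sending before and after the User Identifier change described above, the following added example (not part of the original answer) decodes a captured base64 `SAMLResponse` form value and compares its `NameID` with the usernames Jira knows. The function names, result labels, sample users and the case-insensitive comparison are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def sample_response(name_id):
    # Constructed, unsigned and heavily trimmed response, for illustration only.
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f"<saml:NameID>{name_id}</saml:NameID>"
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

def extract_name_id(saml_response_b64):
    # Diagnostic only: this does not verify the signature, so the result
    # must never be used to make an authentication decision.
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not expected in a SAML response")
    root = ET.fromstring(raw)
    node = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no NameID in assertion")
    return node.text.strip()

def diagnose(saml_response_b64, jira_usernames):
    name_id = extract_name_id(saml_response_b64)
    known = {u.lower() for u in jira_usernames}  # assumption: case-insensitive match
    if name_id.lower() in known:
        return ("match", name_id)
    # Heuristic hint only: a UPN's local part is not guaranteed to equal the
    # on-premises sAMAccountName, so the fix belongs in the IdP claim mapping.
    if "@" in name_id and name_id.split("@", 1)[0].lower() in known:
        return ("upn_sent_but_jira_uses_short_name", name_id)
    return ("unknown_user", name_id)

if __name__ == "__main__":
    users = ["jdoe", "asmith"]  # constructed sample of AD-synced Jira usernames
    print(diagnose(sample_response("jdoe@example.com"), users))  # before the change
    print(diagnose(sample_response("jdoe"), users))              # after the change
```
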