SAML - Info On settings which got migrated

To improve the usability of our plugin and to improve the customer experience, we have changed the User Interface of our SAML plugins.

If you have already been using our plugin and want to see where the previous settings have moved, you are on the right page. Throughout this document, we will see where the features from the old UI have moved in the new UI.

We have added a ‘Plugin Tour’ option in the plugin. The tour takes you through all of the plugin's highlighted features and tabs.

 

Configuring new IDP

The option to add a new IDP is provided on the Configured IDPs page of the plugin. You can now take advantage of our Quick setup option to configure your IDP within a few minutes. Now you have two options while setting up a new IDP - Quick Setup and Custom Setup. In the Quick setup, you can first configure the IDP with the basic settings required to perform SSO and then go ahead with the advanced settings if wanted. Or you can directly select the Custom Setup option and configure all the settings at once, as you used to do in the older UI.

There are 5 steps in the Quick Setup to complete the basic SSO setup. You can leave the Quick Setup whenever you want; the settings are saved as a draft, and you can later resume the Quick Setup of the IDP from where you left off.

Refer to this document to learn more about the Quick Setup option.

Existing Settings

In the new UI, we have shifted the horizontal menu from the old UI to a vertical menu to increase the ease of accessibility. It makes navigation in the plugin easy. The vertical menu has allowed us to move all the related settings to different tabs so that you can find the features easily. This makes more space for adding new options and hence many more features in the future.

In the old UI, settings in some of the tabs were IDP specific (e.g. the IDP Configuration, User Profile and User Groups tabs) and settings in other tabs were common to all the configured IDPs (e.g. Service Provider Info, SSO Settings, Certificates). Each IDP specific page had dropdowns to select the IDP whose settings you wanted to view and update.

In the new UI, all tabs with common settings are present in the menu on the first page along with one tab, Configure IDPs, which lists all the configured IDPs. If we hover over any IDP, the menu items for that IDP will appear. You can go to those IDP configuration pages to update the settings related to that IDP. You can come back to the common settings anytime using the Back Button in the IDP specific menu.

 

Settings common to all IDPs

For some tabs, the settings in the old UI and the new UI are the same. The settings of the SSO Settings tab, however, are now distributed across several tabs, each holding related settings.

| Old UI Tab | New UI Tab | Settings |
| --- | --- | --- |
| Configure IDP | Configured IDPs | Shows a list of all the configured IDPs with various actions that can be performed on those IDPs; option to enable/disable SSO for Jira Software and ServiceDesk for particular IDPs; provides an option to configure a new IDP; provides an option to take a tour of the plugin |
| Service Provider Info | SP Information | Provides the metadata/endpoints of the app which will be used to configure the IDP |
| SSO Settings | Sign-In Settings | Disable Anonymous access; Emergency login settings; SSO options for Admin login |
| SSO Settings | Redirection Rules (New) | Configurations for redirecting users to IDPs for login for both Jira Software and ServiceDesk; redirections based on Directory, Groups, Domains, etc. |
| SSO Settings | Look and Feel | Options to decide how the user login page will look (Jira Software and ServiceDesk); option to customize the error page |
| SSO Settings | Post Logout Configurations | Option to configure where users will be redirected after logout in Jira Software and ServiceDesk; configure a URL or create your own page by using a template provided by us |
| SSO Settings | Session Management | Settings to manage user session (Remember device and session timeout configuration) |
| SSO Settings | Global SSO Settings | Global settings for the plugin: Enable SSO for Jira/JSD; Allow user to change password; Auto activate user on SSO; Restrict plugin API access; Restrict Duplicate SAML Assertions |
| Certificates | Certificates | Provides an option to customize the Public and Private Certificates which will be used for encrypting and decrypting the SAML requests and responses |
| Download App Settings | Backup and Restore | Options to take a backup of settings and to restore settings from a configuration file; option to Backup/Restore using REST calls |

IDP Specific Settings

On opening the plugin, you will see a page where all the configured IDP(s) are listed in a table with various options that can be performed on the IDP.

If you want to configure an IDP, you can start the configuration using the Add New IDP button. You can choose one of two options: the Quick Setup or the Custom Setup. If you leave the Quick Setup partway through, a Continue Quick Setup option appears for that IDP, and you can resume the Quick Setup from where you left it. If you don't want to continue the Quick Setup and would rather configure the IDP manually, you can remove this option using the cross button beside it.

The Toggle buttons provided for Jira SSO and ServiceDesk SSO can be used to Enable/Disable the SSO for Jira Software and ServiceDesk respectively for that particular IDP. 

The Test link for each IDP can be used to test the configuration of that particular IDP. It lets you know whether your configuration is correct. If it is correct, you will see all the attributes received from the IDP, the SAML Request and the SAML Response. If the configuration is wrong, an appropriate error will be shown. You can find this option on the List IDP page and also on the Configure IDP page for all IDPs.

You can delete an IDP using the Delete button provided for each IDP. Once deleted, there is no option to get it back. If you are looking to use these settings later, it is recommended to disable the IDP instead.

When View is clicked, you will be redirected to the Overview for that IDP. On this page, all the settings configured for the IDP will be displayed. It contains 3 sections - IDP configurations, User Profile and User Groups.  

With the Edit dropdown, you can go to respective pages to update the IDP configuration.

Refer to the table below to check all the settings provided in the IDP related tabs.

| Old UI Tab | New UI Tab | Settings |
| --- | --- | --- |
| Configure IDP | IDP Configuration | IDP endpoints and other settings; provides an option to test the configurations - All attributes received from IDP, SAML Request and SAML Response can be seen here |
| Configure IDP | Advanced SSO options (New) | Enable new user creation; Certificate Rollover - Settings related to Refresh metadata; Relay State URL - Option to configure a URL where all the users logging in from this IDP will be redirected after SSO |
| User Profile | User Profile | Setting to map the user’s profile attributes from IDP to Jira |
| User Groups | User Groups | Setting to configure default groups to be assigned to the user at SSO; settings to map groups from IDP to local Jira groups |

New Features

Redirection Rules (New)

All the settings related to redirection on the login page have moved to this tab. Redirection Rules allow you to define rules for how users should be redirected to an IDP. There are options to configure rules for both Jira Software and ServiceDesk. You can set rules based on the user's email domain (for user@example.com, the domain is example.com), directory or group. For each rule, you can specify which Identity Provider (or login page) the user will be redirected to if the rule condition is met.

Based on the configured rules, the following checks are made whenever a user accesses the login page: whether the user’s email domain matches the configured domain, whether the user is part of a particular directory, and whether the user is part of the configured group. Based on the result, the user is redirected to the specified IDP for SSO.

By default one rule is always configured that will be applicable to all the users.

If you have multiple rules, you can set the priority of the rules using the arrows given beside the rules. Higher priority rules will be checked first and if the user details do not match that rule then the subsequent rules will be checked. 
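The priority-ordered, first-match evaluation described above can be sketched as follows. This is an added Python example, not the plugin's code: the `User`, `Rule`, `resolve` and `shadowed` names, the sample rules, the exact-match domain comparison and the ability to combine conditions in one rule are all assumptions. It goes slightly beyond the text by also flagging rules that sit below a catch-all rule and therefore can never fire.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    email: str
    directory: str
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Rule:
    target: str                      # IDP (or login page) to redirect to
    domain: Optional[str] = None     # condition: email domain
    directory: Optional[str] = None  # condition: user directory
    group: Optional[str] = None      # condition: group membership
    def is_catch_all(self) -> bool:
        return (self.domain, self.directory, self.group) == (None, None, None)

    def matches(self, user: User) -> bool:
        if self.domain is not None:
            # Exact, case-insensitive match on the text after the last "@";
            # a substring or suffix test would also accept notexample.com.
            _, at, dom = user.email.rpartition("@")
            if not at or dom.lower() != self.domain.lower():
                return False
        if self.directory is not None and user.directory != self.directory:
            return False
        return self.group is None or self.group in user.groups

def resolve(rules, user):
    """Target of the first matching rule; rules are in priority order."""
    for rule in rules:
        if rule.matches(user):
            return rule.target
    raise LookupError("no rule matched; expected a default catch-all rule")

def shadowed(rules):
    """Rules listed below a catch-all rule can never be reached."""
    for i, rule in enumerate(rules):
        if rule.is_catch_all():
            return list(rules[i + 1:])
    return []

# Constructed sample rules, highest priority first (names are placeholders).
RULES = [
    Rule(target="employee-idp", domain="example.com"),
    Rule(target="admin-idp", group="jira-administrators"),
    Rule(target="login-page"),  # default rule: applies to all users
]
```

Running `shadowed()` over an exported rule list after any reordering is a quick check that no domain or group rule has slipped below the default rule.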

IDP Specific Relay State URL (New)

With this setting, you can decide where you want to redirect your users after they log in via SSO. Previously this setting was common among all the configured IDPs but in the new UI, we have made this specific to IDP. You can find this option in the Advanced SSO settings of the IDP.

For example, suppose your customers and employees are stored in 2 different IDPs and you want to redirect customers to one URL and employees to another URL. In cases like this, you can configure different relay states for the 2 IDPs and the users will be redirected accordingly at login.

Reference table for new locations of the old options

| Feature/Setting | Old Location | New Location |
| --- | --- | --- |
| Service Provider Metadata | Service Provider Info tab | SP Information tab |
| List of all configured IDPs | Configure IDP tab | Configured IDPs tab |
| Domain Mapping feature | Configure IDP tab | Redirection Rules tab |
| Manual IDP Configuration | Configure IDP tab | IDP Configuration tab (Select idp > Edit > SSOEndpoints) |
| IDP>Import from metadata feature | Configure IDP tab | IDP Configuration tab (Select idp > Edit > SSOEndpoints) |
| Refresh Metadata Feature | Configure IDP tab > Import from Metadata section | Advanced SSO Options tab |
| Settings related to end-user profile mapping | User profile tab | User Profile tab (idp > Edit > User Profile Settings) |
| Default group settings and group mapping settings | User Groups tab | User Groups tab (idp > Edit > User Groups Settings) |
| Auto Redirect to IDP feature | SSO Settings tab | Sign-In Settings tab |
| Backdoor/Emergency URL and Restrict backdoor based on groups feature | SSO Settings tab | Sign-In Settings tab |
| Custom templates (Logout template; Error msg template) | SSO Settings tab | Look and Feel tab |
| Custom Logout URL and custom logout template | SSO Settings tab | Post Logout Configurations tab |
| Remember Device Setting | SSO Settings tab | Session Management tab |
| Option to enable SSO for Jira Software and ServiceDesk | SSO Settings tab | Global SSO Settings tab; Configured IDPs tab - IDP specific options (new) |
| Allow Change Password feature | SSO Settings tab | Global SSO Settings tab |
| Auto activate users on SSO feature | SSO Settings tab | Global SSO Settings tab |
| Option to configure custom certificates | Certificates tab | Certificates tab |
| Options to import/export plugin configurations (Using File; Using REST APIs) | Download App Settings tab | Backup and Restore |