SAML - Info On settings which got migrated
To improve the usability of our plugin and to improve the customer experience, we have changed the User Interface of our SAML plugins.
If you have been using our plugin already and want to check out where the previous settings are moved, then you are on the right page. Throughout this document, we are going to see where the features from the old UI got moved in the new UI.
We have added a ‘Plugin Tour’ option in the plugin. The tour takes you through all the plugin highlighted features and tabs.
Configuring new IDP
The option to add a new IDP is provided on the Configured IDPs page of the plugin. You can now take advantage of our Quick setup option to configure your IDP within a few minutes. Now you have two options while setting up a new IDP - Quick Setup and Custom Setup. In the Quick setup, you can first configure the IDP with the basic settings required to perform SSO and then go ahead with the advanced settings if wanted. Or you can directly select the Custom Setup option and configure all the settings at once, as you used to do in the older UI.
There are 5 steps in the Quick setup to complete the basic SSO Setup. You can leave the Quick setup whenever you want and these settings will be saved as a draft and you can resume the Quick Setup of the IDP later from where you left.
Refer this document to know more about the Quick Setup Option.
Existing Settings
In the new UI, we have shifted the horizontal menu from the old UI to a vertical menu to increase the ease of accessibility. It makes navigation in the plugin easy. The vertical menu has allowed us to move all the related settings to different tabs so that you can find the features easily. This makes more space for adding new options and hence many more features in the future.
In the old UI, settings in some of the tabs were IDP specific (eg: IDP Configuration, User Profile and User Groups tabs) and settings in other tabs were common to all the configured IDPs. (eg: Service Provider Info, SSO Settings, Certificates). Each IDP specific page had dropdowns to select the IDP to view and update the settings of that IDP.
In the new UI, all tabs with common settings are present in the menu on the first page along with one tab, Configure IDPs, which lists all the configured IDPs. If we hover over any IDP, the menu items for that IDP will appear. You can go to those IDP configuration pages to update the settings related to that IDP. You can come back to the common settings anytime using the Back Button in the IDP specific menu.
Settings common to all IDPs
For some tabs, the settings for Old UI and New UI are the same. But settings of SSO Settings tab are distributed to many different tabs with related settings per tab.
Old UI Tab | New UI Tab | Settings |
Configure IDP | Configured IDPs |
|
Service Provider Info | SP Information | Provides the metadata/endpoints of the app which will be used to configure the IDP |
SSO Settings | Sign-In Settings |
|
| Redirection Rules (New) |
|
Look and Feel |
| |
Post Logout Configurations |
| |
Session Management | Settings to manage user session (Remember device and session timeout configuration) | |
| Global SSO Settings | Global settings for the plugin
|
Certificates | Certificates | Provides an option to customize the Public and Private Certificates which will be used for encrypting and decrypting the SAML requests and responses |
Download App Settings | Backup and Restore |
|
IDP Specific Settings
On opening the plugin, you will see a page where all the configured IDP(s) are listed in a table with various options that can be performed on the IDP.
If you want to configure an IDP, then you can start the configuration using the Add New IDP button. You can choose one of the two options: the Quick setup or the Custom setup. If you leave the Quick Setup in between then, Continue Quick Setup option appears for those IDPs. You can resume the Quick Setup of the IDP from where you left it. If you don't want to continue the quick setup and configure the IDP manually then you can remove this option using the cross button beside it.
The Toggle buttons provided for Jira SSO and ServiceDesk SSO can be used to Enable/Disable the SSO for Jira Software and ServiceDesk respectively for that particular IDP.
The Test link for each IDP can be used to test the configurations of that particular IDP. It lets you know if your configurations are correct or not. If all your configurations are correct then you will see all the attributes received from the IDP, the SAML Request and the SAML Response. If the configurations are wrong then an appropriate error will be shown. You can find this option here on List IDP page and also on the Configure IDP page for all IDPs
You can delete an IDP using the Delete button provided for each IDP. Once deleted, there is no option to get it back. If you are looking to use these settings later, it is recommended to disable the IDP instead.
When View is clicked, you will be redirected to the Overview for that IDP. On this page, all the settings configured for the IDP will be displayed. It contains 3 sections - IDP configurations, User Profile and User Groups.
With the Edit dropdown, you can go to respective pages to update the IDP configuration.
You can refer the table given below to check all the settings provided in the IDP related tabs.
Old UI Tab | New UI Tab | Settings |
Configure IDP | IDP Configuration |
|
| Advanced SSO options (New) |
|
User Profile | User Profile | Setting to map the user’s profile attributes from IDP to Jira |
User Groups | User Groups |
|
New Features
Redirection Rules (New)
All the settings related to the redirection on the login page are moved to this tab. Redirection Rules allow you to define rules on how the users should be redirected to IDP. There are options to configure rules for both Jira Software and ServiceDesk. You can set rules based on the user's email domain (for user@example.com, the domain is example.com), directory or group. And for each rule, you can specify which Identity Provider (or login page) the user will be redirected if the rule condition is met.
Based on the configured rules, following checks are made whenever a user accesses the login page - if user’s email domain matches the configured domain, if the user is part of a particular directory and if the user is part of the configured group. And based on that the user is redirected to the specified IDP for SSO.
By default one rule is always configured that will be applicable to all the users.
If you have multiple rules, you can set the priority of the rules using the arrows given beside the rules. Higher priority rules will be checked first and if the user details do not match that rule then the subsequent rules will be checked.
IDP Specific Relay State URL (New)
With this setting, you can decide where you want to redirect your users after they log in via SSO. Previously this setting was common among all the configured IDPs but in the new UI, we have made this specific to IDP. You can find this option in the Advanced SSO settings of the IDP.
For example, your customers and employees are stored in 2 different IDPs and you want to redirect customers to one URL and the employees to other URL. In cases like this, you can configure different relay states for 2 IDPs and the users will get redirected accordingly at login.
Reference table for new locations of the old options
Feature/Setting | Old Location | New Location |
Service Provider Metadata | Service Provider Info tab | SP Information tab |
List of all configured IDPs | Configure IDP tab | Configured IDPs tab |
Domain Mapping feature | Configure IDP tab | Redirection Rules tab |
Manual IDP Configuration | Configure IDP tab | IDP Configuration tab
|
IDP>Import from metadata feature | Configure IDP tab | IDP Configuration tab
|
Refresh Metadata Feature | Configure IDP tab>Import from Metadata section | Advanced SSO Options tab |
Settings related to end-user profile mapping | User profile tab | User Profile tab
|
Default group settings and group mapping settings | User Groups tab | User Groups tab
|
Auto Redirect to IDP feature | SSO Settings tab | Sign-In Settings tab |
Backdoor/Emergency URL and Restrict backdoor based on groups feature | SSO Settings tab | Sign-In Settings tab |
Custom templates
| SSO Settings tab | Look and Feel tab |
Custom Logout URL and custom logout template | SSO Settings tab | Post Logout Configurations tab |
Remember Device Setting | SSO Settings tab | Session Management tab |
Option to enable SSO for Jira Software and ServiceDesk | SSO Settings tab |
|
Allow Change Password feature | SSO Settings tab | Global SSO Settings tab |
Auto activate users on SSO feature | SSO Settings tab | Global SSO Settings tab |
Option to configure custom certificates | Certificates tab | Certificates tab |
Options to import/export plugin configurations
| Download App Settings tab | Backup and Restore |
@ Copyright 2019 miniOrange. All Rights Reserved.