OAuth SSO - Info On settings that got migrated

There isn't anything permanent except CHANGE! What's more, we have improved the user interface and usability of the App for a superior experience for you, our customers.

To improve usability, we have also moved around the settings and placed them in a more intuitive location inside the app. On this page, you will find out where the past settings have been moved. All through this page, you will see where the configurations from the old UI were moved into the new UI. You can simply use Ctrl+F or Cmd+F to find the location of any feature

1 Configuring New Provider
2 Existing Settings
- 2.1 Settings common to all Providers:
- 2.2 Provider Specific Settings [New]
3 New Release
- 3.1 Redirection Rules
4 Reference table for new locations of the old options

Configuring New Provider

The choice to “Add New Provider” is currently accessible on the "Configured Providers page" of the App. You can look through your OAuth/OIDC Provider on the "Select your Provider” page. On the off chance that your provider isn't mentioned, you can go with Custom OAuth or Custom OIDC Setup.

Existing Settings

In the new UI, we have moved the horizontal menu from the previous display to a vertical menu. The vertical menu has permitted us to move each one of the connection settings to various tabs so you can find the highlights/features without any problem, making the app navigation simple.

In the old UI, settings in some of the tabs were configured OAuth provider-specific (eg: Configure OAuth, User Profile, and User Groups tabs) and settings in other tabs were common to all the configured providers. (eg: Sign In Settings, Backup/Restore Configuration). Each provider-specific page had dropdowns to select the provider to view and update the settings of that provider.

In the new UI, all tabs with common settings are present in the menu on the first page along with the Configured Providers tab which lists all the providers you configured. If we hover the cursor over any provider, the menu items for that provider will appear. You can go to those provider configuration pages to update the settings related to that provider.

Settings common to all Providers:

Old UI Tab	New UI Tab	Settings
Configure OAuth	Configured Providers	Shows a list of all the configured providers on which the below actions can be performed: View Test Edit SSO Endpoints User Profile User Groups Advanced SSO Settings Delete Option to enable/disable SSO for Jira Software and Service Management for particular providers Provides a button to add a new provider
	Redirection Rules	The Domain Mapping feature is now available as a part of Redirection Rule, with easy to use and convenient UI. Redirection Rules allow you to define rules on how the users should be redirected during login. You can set the redirection rules for both Jira Software and Jira Service Management. The Default Redirection Rule could be: Jira login page Configured Provider Redirect to a URL You can define your own rules based on the user's email domain, by clicking on Add Rule Button
Sign-In Settings	Sign-In Settings	Emergency login settings SSO options for Admin login Auto Redirect to Application
	Session Management	Set Remember Me-Cookie
	Look and Feel	In this page, you will find following options: Set Login Button Test Select SSO Button Position Before Login Button After Login Button Enable Custom Login Template for Jira and Jira Service Management Modify Login Template Default login page URL Default JSD login page URL Code to add new SSO Button SSO Error Template Enable custom error template You can configure custom error messages for errors during SSO
	Post Logout Configurations	Here you can set: Custom Logout URL Enable and modify Custom Logout Template for Jira Software.
	Global SSO Settings	Enable SSO for Jira Software and Jira Service Management Allow Users to Change Password Restrict access to plugin APIs Auto Activate Users on SSO
Back/Restore Configuration	Back/Restore Configuration	This tab will help you transfer your app configurations when you change your JIRA instance; e.g. when you migrate from test environment to production. The app configurations can be transferred in two ways: Download/Upload app Configurations by File. Configure/Fetch app configuration via REST API.

Provider Specific Settings [New]

On opening the app, you will see a Configured Providers page where all your configured provider(s) are listed, with various options that can be performed on them. If you haven’t configured it yet, you can start by clicking the Add New Provider button. It will show you a list of providers. Select the desired provider and continue with your configurations.

The toggle buttons provided for SSO and JSM SSO (For Jira Service Management) can be used to Enable/Disable the SSO for Jira Software and Service Management respectively for that particular provider.

The Test link for each provider can be used to test the configurations of that particular provider. It lets you know if your configurations are correct or not. If all your configurations are correct then you will see all the attributes received from the provider. If the configurations are wrong then an appropriate error will be shown.

You can delete a provider using the Delete button provided for each provider. Once deleted, there is no option to get it back. If you are looking to use these settings later, it is recommended to disable the Provider instead.

With the Edit dropdown, you can go to respective pages to update the provider’s configuration.

You can refer to the table given below to check all the settings provided in the Provider-related tabs:

Old UI Tab	New UI Tab	Settings
Configure OAuth	Configuration	Here, you can view and edit the following details : App Name IDP ID Client ID Client Secret Scope Logout Endpoint Tenant ID/Domain URL/Realm Name/Hosting Type (as per the selected provider)
Configure OAuth	Advanced SSO Options	This tab provides you with the following settings: User Creation Allow User Creation Directory for New User Create New Internal Directory Remote Directory Sync Request Parameters Authorization Request Parameters: ACR Value State Parameter Nonce Parameter Add Custom Parameter Send Parameters in Token Endpoint: Http Header Http Body Response Validation Check issuer in Response Public Key/JWKS Endpoint
User Profile	User Profile	This tab provides settings to map the user’s profile attributes from Provider to Jira. You’ll find options to Update Existing User Profile Login Jira user account by Username email Set attribute for Username Email First Name Last Name Apply regular expression on username field Language Mapping Configure User Properties(Extended Attributes)
Users Group	User Groups	This tab provides you with the following settings: Default Group Configurations Assign Default Groups To New Users All Users None Group Mapping ConfigurationsGroup Mapping can be configured in one of the following two ways: Manual Group Mapping This is useful when your IdP group names and local application group names are different. In this case, you have to map each provider group to the application group manually. Following are the settings provided in this section. Update existing user groups Group Attribute Create user only if groups are mapped On-The Fly Group Mapping This can be used when your IdP group names and local application group names are an exact match. In this case, the app detects the groups and adds users to those groups automatically. Following are the settings option provided in this section Update existing user groups Group Attribute Filter Group Apply regular expression on Group Name. Create New Groups Keep Existing Users Groups

New Release

Redirection Rules

All the settings related to the redirection on the login page are moved to this tab. Redirection Rules allow you to define rules on how the users should be redirected during login. There are options to configure rules for both Jira Software and Service Management. You can set rules based on the user's email domain (e.g. For user@example.com, the domain is http://example.com ). You can specify which OAuth Provider (or login page) the user will be redirected to if the rule condition is met.

The Default Rule is always configured and will be applicable to all the users whenever any pre-configured rules are not satisfied. If you have multiple rules, you can set the priority of the rules using the arrows given beside the rules. Higher priority rules will be checked first and if the user details do not match that rule then the subsequent rules will be checked.

Reference table for new locations of the old options

Feature/Setting	Old Location	New Location
List of all configured Providers	Configure OAuth tab	Configured Providers
Settings related to end-user profile mapping	User Profile	User Profile tab Provider> Edit> User Profile Settings
Default group settings and group mapping settings	User Groups	User Groups tab Provider> Edit> User Groups Settings
Auto Redirect to Application Options for Jira Software and JSM	Sign In Settings	Sign-In Settings tab
Backdoor/Emergency URL and Restrict backdoor based on groups feature	Sign In Settings	Sign-In Settings tab
Custom templates Login Template SSO Error Message template	Sign In Settings	Look and Feel tab
Custom Logout URL and Custom Logout Template	Sign In Settings	Post Logout Configurations tab
Remember Device Setting	Sign In Settings	Session Management
Option to enable SSO for Jira Software and Service Management	Sign In Settings	Global SSO Settings
Allow Change Password feature
Auto activate users on SSO feature
Restrict access to plugin APIs
Enable SSO Only For Service Management Agents
Domain Restriction
Administrator Login