OAuth SSO - Info On settings that got migrated

There isn't anything permanent except CHANGE! What's more, we have improved the user interface and usability of the App for a superior experience for you, our customers.

To improve usability, we have also moved around the settings and placed them in a more intuitive location inside the app. On this page, you will find out where the past settings have been moved. All through this page, you will see where the configurations from the old UI were moved into the new UI. You can simply use Ctrl+F or Cmd+F to find the location of any feature

 

Configuring New Provider

The choice to “Add New Provider” is currently accessible on the "Configured Providers page" of the App. You can look through your OAuth/OIDC Provider on the "Select your Provider” page. On the off chance that your provider isn't mentioned, you can go with Custom OAuth or Custom OIDC Setup.

Existing Settings

In the new UI, we have moved the horizontal menu from the previous display to a vertical menu. The vertical menu has permitted us to move each one of the connection settings to various tabs so you can find the highlights/features without any problem, making the app navigation simple.

In the old UI, settings in some of the tabs were configured OAuth provider-specific (eg: Configure OAuth, User Profile, and User Groups tabs) and settings in other tabs were common to all the configured providers. (eg: Sign In Settings, Backup/Restore Configuration). Each provider-specific page had dropdowns to select the provider to view and update the settings of that provider.

In the new UI, all tabs with common settings are present in the menu on the first page along with the Configured Providers tab which lists all the providers you configured. If we hover the cursor over any provider, the menu items for that provider will appear. You can go to those provider configuration pages to update the settings related to that provider. 

Settings common to all Providers:

Old UI Tab

New UI Tab

Settings

Configure OAuth

Configured Providers

  • Shows a list of all the configured providers on which the below actions can be performed:

    • View

    • Test

    • Edit

      • SSO Endpoints

      • User Profile

      • User Groups

      • Advanced SSO Settings

    • Delete 

  • Option to enable/disable SSO for Jira Software and Service Management for particular providers

  • Provides a button to add a new provider

 

Redirection Rules

The Domain Mapping feature is now available as a part of Redirection Rule, with easy to use and convenient UI.

Redirection Rules allow you to define rules on how the users should be redirected during login. 

You can set the redirection rules for both Jira Software and Jira Service Management

  • The Default Redirection Rule could be:

    • Jira login page

    • Configured Provider

    • Redirect to a URL

  • You can define your own rules based on the user's email domain, by clicking on Add Rule Button

Sign-In Settings

Sign-In Settings

  • Emergency login settings

  • SSO options for Admin login

  • Auto Redirect to Application

Session Management

  • Set Remember Me-Cookie

Look and Feel

In this page, you will find following options:

  • Set Login Button Test

  • Select SSO Button Position

    • Before Login Button

    • After Login Button

  • Enable Custom Login Template for Jira and Jira Service Management

    • Modify Login Template

    • Default login page URL

    • Default JSD login page URL

    • Code to add new SSO Button

  • SSO Error Template

    • Enable custom error template

    • You can configure custom error messages for errors during SSO

Post Logout Configurations

Here you can set:

  • Custom Logout URL

  • Enable and modify Custom Logout Template for Jira Software.

Global SSO Settings

  • Enable SSO for Jira Software and Jira Service Management

  • Allow Users to Change Password

  • Restrict access to plugin APIs

  • Auto Activate Users on SSO

Back/Restore Configuration

Back/Restore Configuration

This tab will help you transfer your app configurations when you change your JIRA instance; e.g. when you migrate from test environment to production. 

The app configurations can be transferred in two ways:

  • Download/Upload app Configurations by File.

  • Configure/Fetch app configuration via REST API.

 

Provider Specific Settings [New]

On opening the app, you will see a Configured Providers page where all your configured provider(s) are listed, with various options that can be performed on them. If you haven’t configured it yet, you can start by clicking the Add New Provider button. It will show you a list of providers. Select the desired provider and continue with your configurations.

The toggle buttons provided for SSO and JSM SSO (For Jira Service Management) can be used to Enable/Disable the SSO for Jira Software and Service Management respectively for that particular provider. 

The Test link for each provider can be used to test the configurations of that particular provider. It lets you know if your configurations are correct or not. If all your configurations are correct then you will see all the attributes received from the provider. If the configurations are wrong then an appropriate error will be shown. 

You can delete a provider using the Delete button provided for each provider. Once deleted, there is no option to get it back. If you are looking to use these settings later, it is recommended to disable the Provider instead.

With the Edit dropdown, you can go to respective pages to update the provider’s configuration. 

You can refer to the table given below to check all the settings provided in the Provider-related tabs:

 

Old UI Tab

New UI Tab

Settings

Configure OAuth

Configuration

Here, you can view and edit the following details :

  • App Name

  • IDP ID

  • Client ID

  • Client Secret

  • Scope

  • Logout Endpoint

  • Tenant ID/Domain URL/Realm Name/Hosting Type (as per the selected provider)

Advanced SSO Options

This tab provides you with the following settings:

  • User Creation

    • Allow User Creation

    • Directory for New User

    • Create New Internal Directory

    • Remote Directory Sync

  • Request Parameters

    • Authorization Request Parameters:

      • ACR Value

      • State Parameter

      • Nonce Parameter

      • Add Custom Parameter

    • Send Parameters in Token Endpoint:

      • Http Header

      • Http Body

  • Response Validation 

    • Check issuer in Response

    • Public Key/JWKS Endpoint 

User Profile

User Profile

This tab provides settings to map the user’s profile attributes from Provider to Jira. You’ll find options to 

  • Update Existing User Profile

  • Login Jira user account by

    • Username

    • email

  • Set attribute for 

    • Username

    • Email

    • First Name

    • Last Name

  • Apply regular expression on username field

  • Language Mapping

  • Configure User Properties(Extended Attributes)

Users Group

User Groups

This tab provides you with the following settings:

  • Default Group Configurations

  • Assign Default Groups To

    • New Users

    • All Users

    • None

  • Group Mapping ConfigurationsGroup Mapping can be configured in one of the following two ways:

    • Manual Group Mapping

This is useful when your IdP group names and local application group names are different. In this case, you have to map each provider group to the application group manually. Following are the settings provided in this section.

  • Update existing user groups

  • Group Attribute

  • Create user only if groups are mapped

 

  • On-The Fly Group Mapping

This can be used when your IdP group names and local application group names are an exact match. In this case, the app detects the groups and adds users to those groups automatically. Following are the settings option provided in this section

  • Update existing user groups

  • Group Attribute

  • Filter Group

    • Apply regular expression on Group Name.

  • Create New Groups

  • Keep Existing Users Groups

New Release

Redirection Rules

All the settings related to the redirection on the login page are moved to this tab. Redirection Rules allow you to define rules on how the users should be redirected during login. There are options to configure rules for both Jira Software and Service Management. You can set rules based on the user's email domain (e.g. For user@example.com, the domain is http://example.com ). You can specify which OAuth Provider (or login page) the user will be redirected to if the rule condition is met.

The Default Rule is always configured and will be applicable to all the users whenever any pre-configured rules are not satisfied. If you have multiple rules, you can set the priority of the rules using the arrows given beside the rules. Higher priority rules will be checked first and if the user details do not match that rule then the subsequent rules will be checked. 

Reference table for new locations of the old options

Feature/Setting

Old Location

New Location

List of all configured Providers

Configure OAuth tab 

Configured Providers

Settings related to end-user profile mapping

User Profile

User Profile tab 

  • Provider> Edit> User Profile Settings

Default group settings and group mapping settings

User Groups

User Groups tab

  • Provider> Edit> User Groups Settings

Auto Redirect to Application Options for Jira Software and JSM

Sign In Settings

Sign-In Settings tab 

Backdoor/Emergency URL and Restrict backdoor based on groups feature

Sign-In Settings tab 

Custom templates

  • Login Template

  • SSO Error Message template

Sign In Settings

 

Look and Feel tab

Custom Logout URL and 

Custom Logout Template

Sign In Settings

Post Logout Configurations tab

Remember Device Setting

Sign In Settings

Session Management

Option to enable SSO for Jira Software and Service Management

Sign In Settings

Global SSO Settings

Allow Change Password feature

Auto activate users on SSO feature

Restrict access to plugin APIs

Enable SSO Only For Service Management Agents

Domain Restriction

Administrator Login




@ Copyright 2019 miniOrange. All Rights Reserved.