Azure AD side

  1. In Microsoft Azure portal, navigate to Azure Active Directory/Enterprise Applications, click "New application"
  2. Choose "Non-gallery application", provide a name, click Add
  3. Once application is added, click "Single sign-on" application configuration pane, select "SAML-based Sign-on"
  4. Enter in Identifier value:
    The full form is https://<YOUR ATLASSIAN APPLICATION HOST>:<YOUR ATLASSIAN APPLICATION PORT>/<YOUR ATLASSIAN APPLICATION CONTEXT>/plugins/servlet/easysso/saml
    e.g if you are running Jira on custom port 2990 and context /jira: https://testjira.mydomain.com:2990/jira/plugins/servlet/easysso/saml
    or if you running on the default HTTPS port 443 and no context: https://testjira.mydomain.com/plugins/servlet/easysso/saml
  5. Enter the same value in Reply URL:
    The full form is https://<YOUR ATLASSIAN APPLICATION HOST>:<YOUR ATLASSIAN APPLICATION PORT>/<YOUR ATLASSIAN APPLICATION CONTEXT>/plugins/servlet/easysso/saml
    e.g if you are running Jira on custom port 2990 and context /jira: https://testjira.mydomain.com:2990/jira/plugins/servlet/easysso/saml
    or if you running on the default HTTPS port 443 and no context: https://testjira.mydomain.com/plugins/servlet/easysso/saml
  6. Leave "User Attributes"/"User Identifier" set to "user.userprincipalname", click "User Attributes"/"View and edit all other user attributes"
  7. Click "Add attribute", enter Name: urn:oid:0.9.2342.19200300.100.1.3, select Value: user.mail, leave Namespace value empty, click OK
  8. Click "Add attribute", enter Name: urn:oid:2.16.840.1.113730.3.1.241, select Value: user.displayname, leave Namespace value empty, click OK
  9. Click "Add attribute", enter Name: urn:oid:2.5.4.42, select Value: user.givenname, leave Namespace value empty, click OK
  10. Click "Add attribute", enter Name: urn:oid:2.5.4.4, select Value: user.surname, leave Namespace value empty, click OK
  11. Click "Add attribute", enter Name: urn:oid:0.9.2342.19200300.100.1.1, depending on what you use as the user-id in JIRA or Confluence - email or sAMAccountName select Value: user.mail or user.userprincipalname, leave Namespace value empty, click OK
  12. Make sure you have an active certificate for the application
  13. Download the certificate in Base64 form (you will need to copy/paste the certificate into EasySSO SAML configuration screen later)
  14. Download metadata in XML form (you will need to copy/paste values from this file into EasySSO SAML configuration screen later)
  15. Press "Save" at the top of the configuration pane

EasySSO side

Follow the details given on EasySSO with SAML - Configuration

EasySSO articles


Purchase from the marketplace

EasySSO on Atlassian Marketplace

Purchase