Are EasySSO Server Licenses Still Available to Purchase?
Step-by-step guide
For installations with Java 11 please read: Additional Configuration for Java 11
- Obtain EasySSO from the Atlassian Marketplace.
- Install a license for EasySSO. If you already have a production one in your My Atlassian portal - find it, and copy/paste into EasySSO's record in Universal Plugin Manager (UMP) under Manage apps.
If you need a Free Trial one:
If you have Internet connectivity from the Atlassian application: Usually during the installation of a new app in the UPM you will be asked for credentials to your My Atlassian portal in a popup. Enter these, and after filling the name of the organisation for the license, you will have access to the license and the option to have it installed automatically.
Alternatively: Obtain an EasySSO license from the Atlassian Marketplace by clicking "Try it free" and copy/paste into EasySSO's record in the Universal Plugin Manager (UMP) under Manage apps.
Once installed click Configure in UPM to proceed to the configuration wizard. You can also arrive to this screen by clicking EasySSO link under "TechTime Add-Ons" section usually located in the left panel of the Admin screen.
Click on NTLM/Kerberos
Follow the link on the screen to obtain the IOPLEX Jespa library and upload it into EasySSO screen.An "About" dialog will popup. "Trial period" refers to IOPLEX Jespa Free trial period when it operates in unlimited number of users mode. After this period it will automatically revert to 25 unique users only mode. If you require more time to evaluate, once you renewed EasySSO evaluation license via Marketplace, repeat this very step, downloading a fresh IOPLEX Jespa distribution.
See the screenshots on the right. Read more about the role of IOPLEX Jespa library in EasySSO product.
5. Read the IOPLEX EULA.
Continuing past this point signifies your acceptance of the terms of IOPLEX EULA.
6. Go to "EasySSO Configuration" tab
7. Fill in your domain name. If you don't know what your domain is it is better to consult your Active Directory Admin or you can use the method described in our "Determining AD forest" FAQ page. One of the values returned will be the domain name ("Dom Name").
Alternatively:
systeminfo | findstr /B /C:"Domain"
8. Obtain a computer Active Directory account with a password in your Domain from your Active Directory administrator.
This is the most important part of the configuration. If this takes more time than expected, you can save the values already entered on this screen (if any) and return to this screen later.
You will need a new/dedicated computer account with a password. It's not a user account or what is known a "service" account. Please do not re-use computer accounts created for other instances of EasySSO (e.g. test environment or other Atlassian applications) - for details see: I HAVE MULTIPLE INSTANCES OF EASYSSO - HOW MANY COMPUTER ACCOUNTS DO I NEED? in our FAQ
Since creating this requires one to be logged in as an Active Directory administrator - we cannot automate this task, please work with your Active Directory administrators on this.
The account can be created (also known as "pre-staged") using standard Microsoft tools as described in this Technet article.
Password for the computer account can be set from the command line using "net user <computer account$> <password> /domain" command described in this Technet article.
Alternatively you can do it with a PowerShell cmdlet "Set-ADAccountPassword -Identity <computer account$> -Reset -NewPassword <password>" as described in this article.
These command can be run on any domain-connected workstation, but do require the user who runs them to be an Active Directory administrator.
If you or your AD admin requires more details, please read IOPLEX Jespa Operators Manual about these (pages 7-8). The manual is also available for download from the link on the EasySSO Configuration tab and the About screen once you've uploaded IOPLEX Jespa .zip package.
Please pass IOPLEX Jespa .zip package to your administrators – it contains the Operators Manual as well as the necessary command-line scripts to help them accomplish this task (if for some reason they do not like the standard ones mentioned above).
IOPLEX Jespa package contains two .vbs scripts – one script is a full wizard that will create the computer account and set the password - you will need to be an Active Directory administrator to be able to run these scripts. The other one can be used by your domain administrators to set a password on computer account if they create it manually using default tools from Microsoft.
If you are an Active Directory administrator yourself – the download link 'SetComputerPassword.vbs script' is available on the EasySSO Configuration tab (in the help hint of the password field). You will have to rename the file to *.vbs (as browsers won't download it as is). The script is plain text - feel free to open it up in a any text editor and review.
9. Enter computer account credentials. Press Test Connection. EasySSO will attempt to discover you Domain Controllers automatically from DNS and connect to one of them via NETLOGON protocol. If you receive an error message, please examine logs, specifically jespa.log - here is how to get the logs. Most of the common errors are described in Troubleshooting section IOPLEX Jespa Operators Manual (pages 27-32). The manual is also available for download from the link on the EasySSO Configuration tab and the About screen once you've uploaded IOPLEX Jespa .zip package. Chat to our 24x7 support (bottom right of this very page) and we will assist you.
10. Once the connection works, SSO should work too. Test in Incognito/In-Private mode or with another browser. If you are kicked out to login page or logout after successful SSO, make sure you close the browser window (to clear out the cookies) and then navigate to the Atlassian application again in a new browser window. If you receive any error messages or observe some unexpected behaviour (e.g. domain credentials popup), please review items below, and examine logs, specifically jespa.log - here is how to get the logs. Chat to our 24x7 support (bottom right of this very page) and we will assist you.
11. Proxies: If you are running behind a reverse proxy e.g Apache - see Configuring Apache as a reverse proxy for EasySSO in our FAQ for the additional config that needs to be done to these front-facing web servers. If you are using NGINX - see How to Configure NGINX in our FAQ . If you are using IIS - see Configuring IIS as reverse proxy in our FAQ
12. If you are installing EasySSO into multiple Atlassian applications, that are integrated via Application Links you will need to configure mutual filtering between applications as NTLM/Kerberos is not supported when building or verifying the application link.
This can be done either using IP Filtering or User-Agent filtering to disable NTLM/Kerberos when for example JIRA contacts Confluence and vice versa. User-Agent filtering seems to be preferred by most customers.
In our FAQ we specifically answer the question "My Application Links don't work after installing EasySSO?" with instructions on how to configure User-Agent filtering.
13. Browser Setting: For the duration of your testing, especially if this is done in a freshly build test environment - you may need to change the browser settings according to these instructions. Once you are deploying to production - usually the corresponding settings are applied via domain global policies automatically.
14. Take a look at our FAQs page to see if there are any scenarios that apply to you which could make your life easier.
15. If you want to configure EasySSO further please read the Advanced configuration for EasySSO instructions. Here you will find information on:
a) Specifying log levels and log file locations
b) the AD site configuration - please read our FAQ article: Determining existing AD sites
c) choosing the canonical form of your user accounts - make sure it matches the form of the usernames used in Atlassian application
d) configuring Kerberos (please make sure that NTLM SSO works first!)
Pair EasySSO with User Management for JIRA and Confluence. Visit the Atlassian Marketplace for more information.