Configuring Jira on-premises server with Okta SSO via Luminate

This article explains the steps required to configure an on-premises Atlassian Jira server that uses Okta Single Sign-on for access via Luminate Secure Access Cloud (TM). The Luminate environment can also be configured with the same Okta for convenience, but this is not a mandatory requirement.

Okta is providing a dedicated mechanism for on-premises Jira SSO, implemented as a non-standard plugin/patch for the Jira server. Due to its particular (non standard) implementation, following steps are mandatory to ensure that the Single Sign-On capability is preserved in all cases.

This guide assumes that the basic steps of implementing an Okta SSO with on-premises Jira, starting with defining a pre-defined Okta application called "Jira On-Premise", has been completed:

 Upon completion of the guide, the Okta Applications List will contain a SAML application object representing the particular Jira Server. In this guide we will call it a Native SAML Jira Application Object.

Step 1 - Create a new Bookmark App

In Okta Admin UI, Go to Applications view and create a new app of a type "Bookmark Application":

Step 2 - Configure the Bookmark App

Give this application a name that your users will recognize as a description of the Jira Server they will be accessing. In the URL field, please enter the https address of your Jira server, as accessible via Luminate (i.e., https://myjira.mycompany.com, if you are using a Custom Domain feature, or, https://myjira.mycompany.luminatesec.com )

It is very important that the URL in the bookmark leads to a "/" URI in the Jira Server. This is used by the Okta SSO implementation for Jira as a starting point for a single sign-on procedure.

Step 3 - Optionally, Update a Custom Icon

You can click on a "Pencil" icon near the bookmark icon and upload a custom icon. For your convenience, we have attached an icon that is identical to the one used by the built-in Jira On-Premises app to this KB article.

Step 4 - Assign the new Bookmark App to the Users

Using Okta's regular assignment UI, please make sure that the relevant users/groups in the organization will get this bookmark.

Step 5 - Optionally, hide the Native SAML Jira App Object Icon

To avoid confusion of users having both the Native SAML Jira App icon and the Bookmark App icon it is recommended to edit the Native SAML Jira App Object and to choose to hide its icon:

Please note that, depending on how you choose to define an internal address of the Web Application (in Luminate Admin Portal) that represents the on-premises Jira server, additional considerations may apply to make sure that the SSO functions in all cases. Please feel free to reach out to Luminate Support to consult.