Configure SAML single logout for Okta
Before you begin
Before you can enable SAML single logout for Okta, make sure you’ve completed the following steps:
Connect to your Atlassian organization with an identity provider
Configure SAML for users to authenticate with single sign-on
Atlassian supports SAML single logout only for the identity providers Okta and Microsoft Entra. For Microsoft Entra, see Configure SAML single logout for Microsoft Entra.
What is app-initiated single logout?
App-initiated single logout means that when a user logs out of an Atlassian app, such as Jira, they are also logged out of your Okta identity provider in a single action. This helps prevent unauthorized access to your Atlassian organization’s data.
Enable app-initiated single logout
Once you’ve connected your Okta identity provider to Atlassian and configured SAML for single sign-on, you can enable app-initiated single logout.
To enable app-initiated single logout:
Go to Atlassian Administration. Select your organization if you have more than one.
Select Security > User security > Identity providers.
Select your Okta directory.
Select Authentication > View authentication configuration.
Under Single logout, select Enable.
Download the signature certificate and upload it to Okta.
Copy the logout URL from your Okta identity provider and paste it into the logout URL field.
Edit app-initiated single logout
You may need to update your single logout URL to maintain a secure connection.
To edit app-initiated single logout:
Go to Atlassian Administration. Select your organization if you have more than one.
Select Security > User security > Identity providers.
Select your Okta directory.
Select View authentication configuration.
Select Single logout.
Copy the logout URL from your Okta identity provider and paste it into the logout URL field.
Refresh public certificate for app-initiated single logout
When you refresh a public certificate, users are no longer logged out of both Atlassian and Okta. To enable single logout, you must download the certificate and then upload it to Okta.
To refresh the public certificate for app-initiated single logout:
Go to Atlassian Administration. Select your organization if you have more than one.
Select Security > User security > Identity providers.
Select your Okta directory.
Select View authentication configuration.
Select Single logout.
Select menu […] Refresh certificate.
Download the signature certificate and then upload it to Okta.
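Why a refresh breaks single logout until the new certificate is in Okta, shown as an added example (not Atlassian's or Okta's code). It assumes the usual SAML arrangement in which the app signs logout requests and the identity provider verifies them with the uploaded signature certificate; the keys, certificates and message are constructed, and `make_cert`, `sign_logout`, `idp_accepts` and `fingerprint` are hypothetical helpers.

```shell
#!/bin/sh
# Added example: constructed keys and message; nothing here comes from Atlassian or Okta.
# Assumption: the app signs logout requests, the IdP verifies them with the uploaded certificate.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME: self-signed RSA certificate standing in for a signature certificate
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=constructed-$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# fingerprint NAME: SHA-256 fingerprint, useful for comparing the downloaded file
# with the certificate the identity provider currently holds
fingerprint() {
  openssl x509 -in "$WORK/$1.crt" -noout -fingerprint -sha256 | cut -d= -f2
}

# sign_logout KEYNAME: sign a constructed logout message with that private key
sign_logout() {
  printf '%s' 'SAMLRequest=constructed&RelayState=constructed' > "$WORK/msg"
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$WORK/msg.sig" "$WORK/msg"
}

# idp_accepts CERTNAME: prints "accepted" if the signature verifies against
# the public key in that certificate, otherwise "rejected"
idp_accepts() {
  openssl x509 -in "$WORK/$1.crt" -pubkey -noout > "$WORK/$1.pub"
  if openssl dgst -sha256 -verify "$WORK/$1.pub" \
       -signature "$WORK/msg.sig" "$WORK/msg" >/dev/null 2>&1
  then echo accepted; else echo rejected; fi
}

make_cert old          # certificate uploaded to the IdP before the refresh
make_cert refreshed    # certificate produced by the refresh
sign_logout refreshed  # after the refresh, requests are signed with the new key

echo "IdP still holding old certificate: $(idp_accepts old)"
echo "IdP after uploading refreshed one: $(idp_accepts refreshed)"
echo "Fingerprint of refreshed certificate: $(fingerprint refreshed)"
```

Running `openssl x509 -noout -fingerprint -sha256 -dates` against the downloaded file before uploading it confirms you have the refreshed certificate and shows when it expires.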
Delete app-initiated single logout
When you delete your app-initiated single logout configuration, we no longer log users out from both Atlassian and your Okta identity provider with a single action.
To delete app-initiated single logout:
Go to Atlassian Administration. Select your organization if you have more than one.
Select Security > User security > Identity providers.
Select your Okta directory.
Select View authentication configuration.
Select Single logout.
Select menu […] Delete app-initiated logout.