Configuring Okta IdP to use 'any' custom field as External ID for authentication with Jira Align

Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Integrating Okta with Jira Align enables streamlined and secure Single Sign-On (SSO) capabilities, enhancing both user experience and security. A common customization within this integration involves using an external ID to authenticate users in Jira Align. This article outlines the steps to configure Okta for utilizing an external ID as part of the authentication process in a proof-of-concept model.

Before proceeding, ensure you have administrative access to both your Okta and Jira Align accounts. Familiarity with SAML concepts and configurations and the concept of external IDs will also be beneficial.

Solution

On Okta's side:

  1. Create a New Attribute in Okta:

    • Navigate to the Profile Editor for Jira Align users in your Okta admin dashboard.

    • Create a new attribute to serve as the external ID (for example, extID).

      (Auto-migrated image: description temporarily unavailable)

  2. Map the New Attribute to User Profiles:

    • In the mapping section, specifically "Okta User to Jira Align," map the newly created attribute (extID) to the profile.

      (Auto-migrated image: description temporarily unavailable)

  3. Configure Application Username in Okta:

    • Within the Jira Align application settings in Okta, let the field "Name ID Format" as "Unspecified".

    • Set the Application username to Custom.

    • Add the mapped attribute user.extID as the application username.

      (Auto-migrated image: description temporarily unavailable)

  4. Assign External IDs to Users in Okta:

    • Manually enter the desired value for the external ID (extID) for each user in Okta. This step is crucial for ensuring that the correct ID is passed to Jira Align during authentication.

      (Auto-migrated image: description temporarily unavailable)

Jira Align Configuration

  • Navigate to Settings > Platform > Security in Jira Align.

(Auto-migrated image: description temporarily unavailable)

  • Ensure the external ID field in Jira Align matches the attribute you added in Okta.

(Auto-migrated image: description temporarily unavailable)

  • Here's an example of how the SAML Response from Okta to Jira Align will be composed

(Auto-migrated image: description temporarily unavailable)

Note: The ExternalID for authentication should be placed in the "Assertion" session of the SAML Response XML and not on the "Attributes" session.

Important Considerations

  • This configuration is a guideline and not an official recommendation from Atlassian. It's essential to proceed with caution and consult Okta support or an Okta specialist for a configuration that best fits your needs.

  • Atlassian does not provide support for identity provider (IdP) configurations. Any modifications or customizations made within your IDP, including Okta, are outside Atlassian's scope of support.

  • While this article outlines a method to use an external ID for authentication in Jira Align via Okta, it's crucial to understand the complexities involved. Engaging with Okta support or an Okta specialist is strongly advised for additional guidance or to explore alternative setup strategies.

Updated on April 14, 2025
Platform
Cloud and Data Center
Products
Jira Align Cloud
Jira Align Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community