Configure SAML single logout for Microsoft Entra

Who can do this?
Role: Organization admin
Atlassian Cloud: Atlassian Guard Standard
Atlassian Government Cloud: Not available

Before you begin

Before you can enable SAML single logout for Microsoft Entra, make sure you’ve completed the following steps:

Atlassian supports SAML single logout only for the identity providers Microsoft Entra and Okta. For Okta, see Configure SAML single logout for Okta.

What is service provider-initiated single logout?

Service provider-initiated single logout means that when a user logs out of an Atlassian app, such as Jira, they are also logged out of your identity provider in a single action. This helps prevent unauthorized access to your Atlassian organization’s data.

Enable service provider-initiated single logout

Once you’ve connected your Microsoft Entra identity provider to Atlassian and configured SAML for single sign-on, you can enable service provider-initiated single logout.

To enable service provider-initiated single logout:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Security > User security > Identity providers.

  3. Select your SAML configuration for Microsoft Entra.

  4. Under Single logout, select Enable.

  5. Copy the Service provider logout URL to Microsoft Entra.

  6. Copy the logout URL from Microsoft Entra and paste it into Identity provider logout URL.

  7. Select Save.

After completing these steps, logging out of Atlassian will also log users out of their Microsoft Entra SAML session.
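
What the two URLs exchanged in steps 5 and 6 are used for at logout time, shown as an added example that is not Atlassian's or Microsoft's code. It assumes the SAML 2.0 HTTP-Redirect binding; the URLs are constructed placeholders and the function names are hypothetical.

```python
import base64, datetime, urllib.parse, uuid, zlib
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed placeholder values, not real Atlassian or Microsoft Entra endpoints.
IDP_LOGOUT_URL = "https://idp.example/saml2/logout"   # "Identity provider logout URL"
SP_LOGOUT_URL = "https://sp.example/saml/logout"      # "Service provider logout URL"
SP_ENTITY_ID = "https://sp.example/saml/metadata"

def build_logout_redirect(name_id, session_index):
    """Return (request_id, url) that sends the browser to the IdP logout URL."""
    if urllib.parse.urlsplit(IDP_LOGOUT_URL).scheme != "https":
        raise ValueError("identity provider logout URL must use https")
    request_id = "_" + uuid.uuid4().hex
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    req = ET.Element(f"{{{P}}}LogoutRequest", {"ID": request_id, "Version": "2.0",
                     "IssueInstant": now, "Destination": IDP_LOGOUT_URL})
    ET.SubElement(req, f"{{{A}}}Issuer").text = SP_ENTITY_ID
    ET.SubElement(req, f"{{{A}}}NameID").text = name_id
    ET.SubElement(req, f"{{{P}}}SessionIndex").text = session_index
    # HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding.
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(ET.tostring(req)) + deflater.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(packed).decode()})
    return request_id, f"{IDP_LOGOUT_URL}?{query}"

def decode_redirect(url):
    """Inverse of the encoding above; useful when inspecting a captured redirect."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    packed = base64.b64decode(query["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(packed, -15))

def logout_confirmed(response_xml, request_id):
    """True only if the response answers our request, targets our URL, and reports
    Success. Signature verification is omitted; a real service provider does it first."""
    root = ET.fromstring(response_xml)
    code = root.find(f"{{{P}}}Status/{{{P}}}StatusCode")
    return (root.tag == f"{{{P}}}LogoutResponse"
            and root.get("InResponseTo") == request_id
            and root.get("Destination") == SP_LOGOUT_URL
            and code is not None
            and code.get("Value") == "urn:oasis:names:tc:SAML:2.0:status:Success")

if __name__ == "__main__":
    rid, url = build_logout_redirect("user@example.com", "_constructed-session-1")
    print(url)
```

If either URL is changed on one side only, the Destination check fails and the identity provider session can remain active after the user logs out of the app.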

Edit service provider-initiated single logout

You may need to update your single logout URL to maintain a secure connection.

To edit service provider-initiated single logout:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Security > User security > Identity providers.

  3. Select your Microsoft Entra directory.

  4. Select View SAML configuration.

  5. Make edits, then select Save.

Delete service provider-initiated single logout

When you delete your service provider-initiated single logout configuration, we no longer log users out from both Atlassian and your Okta identity provider with a single action.

To delete service provider-initiated single logout:

  1. Go to Atlassian Administration. Select your organization if you have more than one.

  2. Select Security > User security > Identity providers.

  3. Select your Microsoft Entra directory.

  4. Select View SAML configuration.

  5. Under Single logout, select the More actions icon (•••) > Delete service provider-initiated logout.
