Azure AD SSO integration with JIRA through SAML protocol

Farshin Arya 1 Reputation point
2020-12-13T17:38:35.877+00:00

I can read one of the requirements in Microsoft's document for Jira SSO integration to Azure AD as the following:

"JIRA server is reachable on internet particularly to Azure AD Login page for authentication and should able to receive the token from Azure AD"

the document: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/jiramicrosoft-tutorial

Firstly, I don't understand the English - something is reachable on the Internet to something else? Or was it trying to say something is able to reach something else?

That is one part whose meaning I could not understand.

Secondly, why is there such a requirement - have I understood the flow incorrectly that the user is redirected through the browser and the token is sent back through the browser and the user is the carrier of that token through their browser?

If we agree with the statement in the document, no application behind a firewall is able to SSO to Azure AD, and this is while the user is able to access both. I could understand if it was trying to say that it needs a connection to Azure to fetch the metadata, but why does Azure need to be able to access Jira? Doesn't the Azure application just redirect through the browser after successful authentication?

I can further see an issue created for it in 2019 and it was closed without further clarification of why they thought it had been documented correctly. https://github.com/MicrosoftDocs/azure-docs/issues/54680

Can I please receive a clarification on whether the Azure application needs to be able to resolve and access a Jira behind a firewall, or does it need only its URL for redirection?

Thanks,
Farshin
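
The browser-carried flow the question describes corresponds to the SAML HTTP-POST binding. The following is an added example, not part of the original post or of Microsoft's tutorial: the IdP side produces a form body, the browser relays it, and the SP's assertion consumer endpoint validates it. The URLs, issuer and user are constructed, and XML signature verification is omitted on the assumption that a SAML library handles it.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values (assumptions, not taken from the page)
ACS_URL = "https://jira.internal.example/saml/acs"
IDP_ISSUER = "https://idp.example/constructed-tenant/"


def idp_build_post_form(request_id: str) -> str:
    """IdP side: form body that the user's browser auto-submits to the SP."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{ACS_URL}" InResponseTo="{request_id}">'
        f'<saml:Issuer>{IDP_ISSUER}</saml:Issuer>'
        f'<saml:Assertion><saml:Subject>'
        f'<saml:NameID>user@example.com</saml:NameID>'
        f'</saml:Subject></saml:Assertion></samlp:Response>'
    )
    encoded = base64.b64encode(xml.encode()).decode()
    return urllib.parse.urlencode({"SAMLResponse": encoded})


def sp_consume(form_body: str, expected_request_id: str) -> str:
    """SP side: handle the POST arriving from the browser at the ACS URL."""
    fields = urllib.parse.parse_qs(form_body)
    root = ET.fromstring(base64.b64decode(fields["SAMLResponse"][0]))
    # The response must be addressed to this endpoint ...
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination does not match this ACS URL")
    # ... answer a request this SP actually issued ...
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("unsolicited or replayed response")
    # ... and come from the configured IdP.
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ISSUER:
        raise ValueError("unexpected issuer")
    # Signature verification against the IdP certificate belongs here.
    return root.findtext("saml:Assertion/saml:Subject/saml:NameID",
                         namespaces=NS)


if __name__ == "__main__":
    # The only hand-off between the two sides is the string the browser carries.
    browser_payload = idp_build_post_form("_req-123")
    print("authenticated:", sp_consume(browser_payload, "_req-123"))
```
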


1 answer

  1. Marilee Turscak-MSFT 34,311 Reputation points Microsoft Employee
    2020-12-15T17:44:17.207+00:00

    Hi @Farshin Arya ,

    The author replied on the thread that the poster's original understanding is correct and the access does need to exist both ways. In this case you need to open the port in your firewall so that users can use the URL to access the JIRA server, and the JIRA server should also be able to receive the token from the Azure AD endpoint; for that you need to open the inbound connection to the Azure AD endpoint to receive the token.
