I can read one of the requirements in Microsoft's document for Jira SSO integration with Azure AD as follows:
"JIRA server is reachable on internet particularly to Azure AD Login page for authentication and should able to receive the token from Azure AD"
The document: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/jiramicrosoft-tutorial
Firstly, I don't understand the English: something is reachable on the Internet to something else? Or was it trying to say something is able to reach something else?
That is one part I could not understand the meaning of.
Secondly, why is there such a requirement? Have I understood the flow incorrectly, namely that the user is redirected through the browser, the token is sent back through the browser, and the user is the carrier of that token through their browser?
If we agree with the statement in the document, no application behind a firewall is able to SSO to Azure AD, even though the user is able to access both. I could understand if it was trying to say that it needs a connection to Azure to fetch the metadata, but why does Azure need to be able to access Jira? Doesn't the Azure application just redirect through the browser after successful authentication?
I can further see an issue created for it in 2019 and it was closed without further clarification of why they thought it had been documented correctly. https://github.com/MicrosoftDocs/azure-docs/issues/54680
Can I please receive a clarification on whether the Azure application needs to be able to resolve and access a Jira behind a firewall, or does it need only its URL for redirection?
Thanks,
Farshin
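
The browser-carried flow the question describes, sketched as an added example that is not part of the original post or of Microsoft's documentation. It assumes the SAML 2.0 HTTP-Redirect and HTTP-POST bindings; every URL, ID and the response value are constructed placeholders, and the function names are hypothetical.

```python
import base64, html, urllib.parse, zlib
from html.parser import HTMLParser

# Constructed values for illustration; none come from the post or Microsoft's docs.
IDP_SSO_URL = "https://idp.example/saml2"
ACS_URL = "https://jira.corp.example/sso/acs"  # resolvable only inside the firewall

def build_authn_redirect(request_id):
    """SP side: the Location header Jira would send the browser to follow."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" '
           f'ID="{request_id}" IssueInstant="2024-01-01T00:00:00Z" '
           f'AssertionConsumerServiceURL="{ACS_URL}">'
           '<saml:Issuer>https://jira.corp.example/</saml:Issuer></samlp:AuthnRequest>')
    raw = zlib.compressobj(wbits=-15)  # HTTP-Redirect binding uses raw DEFLATE
    packed = base64.b64encode(raw.compress(xml.encode()) + raw.flush()).decode()
    return IDP_SSO_URL + "?" + urllib.parse.urlencode({"SAMLRequest": packed})

def read_authn_request(url):
    """IdP side: recover the request from the URL the browser presented."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15).decode()

def build_post_page(acs_url, saml_response_b64):
    """IdP side: the HTML returned to the browser; this code opens no socket to acs_url."""
    return (f'<form method="post" action="{html.escape(acs_url)}">'
            f'<input type="hidden" name="SAMLResponse" value="{html.escape(saml_response_b64)}"/>'
            '</form><script>document.forms[0].submit()</script>')

class FormReader(HTMLParser):
    """Browser side: find where the form posts and which fields it carries."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.action = attrs.get("action")
        elif tag == "input":
            self.fields[attrs.get("name")] = attrs.get("value")

def browser_post_target(page):
    reader = FormReader()
    reader.feed(page)
    return reader.action, reader.fields

if __name__ == "__main__":
    print(build_authn_redirect("_constructed-id-1"))
    print(browser_post_target(build_post_page(ACS_URL, "Y29uc3RydWN0ZWQ=")))  # placeholder value
```

In this sketch the ACS URL appears only as a string inside the request and inside the form the browser submits, so the browser is the party that must be able to resolve it.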