Connect to Atlassian Cloud through Access
This guide covers how to configure Atlassian Cloud as a SAML application in Cloudflare Zero Trust.
Prerequisites
- a SAML identity provider configured in Cloudflare Zero Trust
- Admin access to an Atlassian Cloud account
- Atlassian Guard Standard subscription
- A domain verified in Atlassian Cloud
1. Add a SaaS application to Cloudflare Zero Trust
- In Zero Trust, go to Access > Applications.
- Select Add an application > SaaS.
- For Application, select Atlassian.
- For the authentication protocol, select SAML.
- Select Add application.
- Copy the Access Entity ID or Issuer, Public key, and SSO endpoint.
- Keep this window open without selecting Select configuration. You will finish this configuration in step 4. Finish adding a SaaS application to Cloudflare Zero Trust.
2. Create a x.509 certificate
- Paste the Public key in a text editor.
- Wrap the certificate in
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
.
3. Configure an identity provider and SAML SSO in Atlassian Cloud
- In Atlassian Cloud, go to Security > Identity providers.
- Select Other provider > Choose.
- For Directory name, enter your desired name. For example, you could enter
Cloudflare Access
. - Select Add > Set up SAML single sign-on > Next.
- Fill in the following fields:
- Identity provider Entity ID: Access Entity ID or Issuer from application configuration in Cloudflare Zero Trust.
- Identity provider SSO URL: SSO endpoint from application configuration in Cloudflare Zero Trust.
- Public x509 certificate: Paste the entire x.509 certificate from step 2. Create a x.509 certificate.
- Select Next.
- Copy the Service provider entity URL and Service provider assertion consumer service URL.
- Select Next.
- Under Link domain, select the domain you want to use with SAML SSO.
- Select Next > Stop and save SAML.
4. Finish adding a SaaS application to Cloudflare Zero Trust
- In your open Zero Trust window, fill in the following fields:
- Entity ID: Service provider entity URL from Atlassian Cloud SAML SSO set-up.
- Assertion Consumer Service URL: Service provider assertion comsumer service URL from Atlassian Cloud SAML SSO set-up.
- Name ID format: Email
- Select Save configuration.
- Configure Access policies for the application.
- Select Done.
5. Create an authentication policy to test integration
To enable SSO for users in Atlassian Cloud, create an Atlassian authentication policy:
- In Atlassian Cloud, go to Security > Authentication policies.
- Select Add policy.
- Under Directory, select the identity provider you used to configure SAML SSO.
- For Policy name, enter your desired name.
- Select Add.
- In Settings, turn on Enforce single sign-on.
- In Members, select Add members.
- In Individual Users, select your desired test user(s) in the dropdown, and select Add members.
- In Settings, select Update > Update.
6. Test the integration
Open an incognito browser window and log in with the credentials of the test user you added to the test authentication policy. You will be redirected to the Cloudflare Access login screen and prompted to sign in with your identity provider. When this is successful, turn on Enforce single sign-on in your desired authentication policy, or add the desired users to the application policy created in step 5. Create an Application Policy to test Integration.