Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Enable SSO for External Customers in Jira Service Management Cloud with AWS Cognito & Keycloak

May 29, 2025

As Jira Service Management (JSM) cements its position as a leading IT Service Management (ITSM) platform, more organizations are using it to support both internal teams and external stakeholders.

But with this expansion comes a critical challenge: How do you protect identities across such a diverse user base?

In today’s fragmented identity landscape, organizations rely on a mix of identity providers (IdPs) like Azure AD / Entra ID, Okta, and AWS Cognito. But modern ITSM isn’t just about authentication — it’s about giving the right people the right access at the right time.

 

Bridging the Gap for External User Authentication in JSM Cloud

Many JSM Cloud customers rely on Atlassian Guard (formerly Atlassian Access) to manage SSO for internal users. However, Guard currently does not support IdPs like AWS Cognito or Keycloak for customer-facing authentication.

This presents a challenge for companies that:

  1. Manage thousands of external customers who use IdPs not supported by Atlassian Guard
  2. Want to implement Single Sign-On (SSO) experiences for those customers
  3. Need to dynamically control portal access and visibility

 

Introducing miniOrange’s SAML/OAuth SSO for JSM Customers

Our SAML/OAuth SSO for JSM Customers app bridges this exact gap. It enables secure and seamless login for external users into the JSM Cloud customer portal using AWS Cognito, Keycloak, or any SAML/OIDC-compliant IdP.

Key Features

  1. SSO for External Customers via AWS Cognito, Keycloak, and More

Enable secure, scalable login for thousands of customers using the identity provider and protocol of your choice — whether SAML, OAuth, or OIDC.

  1. Dynamic Organization Mapping

Automatically assign users to Jira Service Management (JSM) Organizations based on email domains or IdP groups (e.g., customer_group) to eliminate manual organization assignment and significantly reduce administrative overhead.

This can be achieved through two flexible approaches:

  • Manual Group Mapping – Ideal when the group names in your IdP and Jira are different. For example, if the IdP group is IdP_users but the corresponding Jira group is jira-software-users, you can manually map these groups in the app. This gives you full control over custom group-to-organization mapping.
  • On-the-Fly Group Mapping Best used when group names in the IdP and Jira are identical. The app dynamically checks the values in the specified organization attribute and, on the fly, creates a corresponding Jira organization if no match is found. If a matching organization already exists, the user is simply added to it. This automatic detection and assignment eliminate the need for manual mapping.

 

Org mapping tab.png

  1. Granular Portal Access Control

Precisely control which portals customers can access based on their assigned Jira organizations and IdP groups — all without ongoing admin involvement. Ensure that external customers only access the specific portals and services relevant to them, with zero ongoing admin effort.

Key Capabilities: 

  • Granular Access Control – Define who can access which portal based on IdP Groups & Jira Organizations.
  • Domain-Based Mapping – Automate organization assignments dynamically based on user email domains.

jsm - portal-access-maping.png

Additional Benefits:

  • Scalable Access Control – Manage access for thousands of users without bloating your Jira configuration.
  • Consistent User Experience – Each customer sees only what they need, improving usability and reducing confusion.
  • Fewer Support Tickets – Eliminate misrouted tickets caused by incorrect portal visibility.

 

Why This Matters

If you're using Atlassian Guard and need to extend SSO access to external customers, leverage AWS Cognito or Keycloak as identity providers, dynamically assign users to JSM Organizations, and securely manage portal access at scale, our SAML/OAuth SSO for JSM Customers app is built exactly for you.

 

Ready to Get Started?

Skip the limitations of Atlassian Guard and empower your external users with a seamless login experience, automated org mapping, and secure access today!

Try our SAML/OAuth SSO for JSM Customers app now

Have questions? Drop them in the comments—we're happy to help or schedule a demo.

Comment
Watch
Like # people like this
158 views

0 comments

Comment

Log in or Sign up to comment
Aditya_miniOrange

Aditya_miniOrange

Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized

About this author

3 accepted answers

51 total posts

View profile
groups-icon
App Central
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security