Hi @Ernie Jennings
Setting up Okta as an identity provider for Confluence is quite straightforward and can be done using both the SAML and OpenID Connect standards. For Confluence Server you need one of the Marketplace SSO apps to achieve this.
There are, however, some gotchas related to how to provision users and give Confluence knowledge about Okta user accounts and their permissions. You can create and maintain user records manually, but there are also more automated ways of keeping Confluence user directories up to date. Just-in-time provisioning makes use of SAML user attributes (name, email and group memberships) to update Confluence on the fly each time a user logs in. User sync or cloud user provisioning is a third alternative, where a background process takes care of updating Confluence with user data from Okta. The advantage of the latter approach is that it can also remove and deactivate users that should no longer have access. https://kantega-sso.com/articles/provisioning/
Should all users in your organization access Confluence through Okta, or will you also have other users (like internship students, external consultants and admins) that will need to log in natively with username and password directly in Confluence? If that is the case, you should select a solution that allows you to combine SSO with traditional login. 2-step login is something many organizations use here to automatically route a subset of users to the right login mechanism. https://kantega-sso.com/articles/2steplogin/
If you want to apply stronger authentication like 2-factor auth, there is also a gotcha related to closing traditional Confluence login options (removing weak authentication as an option and login alternative). https://kantega-sso.com/articles/MFA/
Hope this helps you to progress and set up a secure and user-friendly user experience, and get a user access solution that is easy to maintain.
Regards,
Jon Espen
Kantega SSO
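As an added illustration of the provisioning modes compared in the reply above (not part of the original post, and not code from Kantega SSO, Okta or Confluence): a toy in-memory model in which just-in-time provisioning refreshes a user only at login, while a sync pass also deactivates Okta-managed users who have disappeared from the IdP. The record layout, the `source` field and all sample users are constructed assumptions.

```python
from copy import deepcopy

def _record(attrs):
    # Directory record built from IdP attributes (layout is an assumption).
    return {"name": attrs["name"], "email": attrs["email"],
            "groups": set(attrs["groups"]), "active": True, "source": "okta"}

def jit_provision(directory, attrs):
    """Create or refresh ONE user from the attributes sent at SSO login."""
    directory[attrs["username"]] = _record(attrs)

def sync_provision(directory, idp_users):
    """Reconcile the WHOLE directory against the IdP's current user list."""
    changes = {"created": [], "updated": [], "deactivated": []}
    for username, attrs in idp_users.items():
        wanted = _record(attrs)
        if username not in directory:
            changes["created"].append(username)
        elif directory[username] != wanted:
            changes["updated"].append(username)
        directory[username] = wanted
    for username, user in directory.items():
        # Only touch IdP-managed accounts; native (local) logins are left alone.
        if user["source"] == "okta" and user["active"] and username not in idp_users:
            user["active"] = False
            user["groups"] = set()
            changes["deactivated"].append(username)
    return changes

def demo():
    # Constructed sample data.
    directory = {"admin": {"name": "Local Admin", "email": "admin@example.com",
                           "groups": {"confluence-administrators"},
                           "active": True, "source": "local"}}
    alice = {"username": "alice", "name": "Alice A",
             "email": "alice@example.com", "groups": ["confluence-users"]}
    bob = {"username": "bob", "name": "Bob B",
           "email": "bob@example.com", "groups": ["confluence-users"]}
    jit_provision(directory, alice)
    jit_provision(directory, bob)
    # Bob is then removed in the IdP. He never logs in again, so JIT alone
    # never sees the change and his Confluence account stays active.
    jit_only = deepcopy(directory)
    changes = sync_provision(directory, {"alice": alice})
    return jit_only, directory, changes

if __name__ == "__main__":
    jit_only, synced, changes = demo()
    print(jit_only["bob"]["active"], synced["bob"]["active"], changes)
```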
Hi Ernie,
You can check out our app SAML SSO for Confluence, which supports Okta as IDP. You can try the app for free on the link below:
Here's a step-by-step guide to set it up with Okta. This generally takes 2-4 minutes.
https://plugins.miniorange.com/saml-single-sign-sso-confluence-using-okta/
If you need any assistance in setting this up, you can reach out to atlassiansupport@xecurify.com and they'll set up a screen share with you to get your setup up and running.
Thanks,
Ankit Ahuja
P.S: Full Disclosure, I work with miniOrange, one of the top SSO vendors on Atlassian marketplace.
Very cool, thanks so much. We are using the Confluence Internal Directory. Is there anything we need to be vigilant about? Eventually, we would like to use AD. Thanks for your willingness to assist.
Yes, you can have a simple login button and SSO button beside it. Apart from this, you can enable Manual Login or SSO based on email domain. So you can configure SSO for your AD users only. Here, users will be asked to enter email address/username first and based on the email domain, they'll be either shown a manual login page or redirected to Okta.
Regarding AD consideration, it is compatible with AD. Your users will be logged in with their AD synced account after SSO.