Can JSM Cloud use SAML single sign on from AD as well as the Atlassian Identity management?

Sarah Catania August 4, 2021

Hi there

We recently moved (May 2021) from the Jira Service Desk Server Platform to Jira Service Management Cloud (JSM) and through our migration we were advised that we can't use both SAML Single sign on AND the inbuilt Atlassian Identity Management.

(I may be getting my terms muddled as I am no JIRA admin, so apologies for that).

We have internal agents (users) who have accounts within our Azure AD and also have external people who need access to our Atlassian software (Confluence, JIRA and JSM). Is this possible?

TL;DR: Can we have internal AD accounts and external accounts created on our JIRA Service Management cloud instance?

1 answer

1 accepted

0 votes
Answer accepted
Ed Letifov _TechTime - New Zealand_
August 4, 2021

Short answer: yes

The advice of not being able to mix both SAML SSO and in-built Atlassian ID mostly relates to agents and even then is not correct anymore.

If you want SAML SSO, you have to purchase and configure Atlassian Access, which allows you to integrate Atlassian ID with an external SAML Identity Provider based on verified domains – if the domain is yours, and you have Access enabled and integrated with a SAML IdP, a user from this domain will be sent to the IdP for authentication. This used to mean that all agents from your domain would have to go via the SAML IdP.

However, Access now supports "Authentication Policies" (https://support.atlassian.com/security-and-access-policies/docs/understand-authentication-policies/) that can be used to allow some managed users to authenticate directly, i.e. with Atlassian ID.

JSM customers are another matter – they were always internal to the instance (not even Atlassian ID), i.e. if you had two Cloud sites, both with JSM, the same person would have to register twice (even if with the same email) and could have different passwords. This applies to people from your domain too, even if they have an Atlassian ID account.

To let them use their Atlassian ID account (and thus follow Access policies, e.g. SAML or 2FA), one needs to migrate a JSM customer to Atlassian ID (see https://support.atlassian.com/user-management/docs/manage-jira-service-management-customer-accounts/). Unfortunately this remains a manual admin process.

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin