Example of login screen to Atlassian Jira with the text Welcome to Jira with username field and a next button

2 Step Login

Redirect to specific SAML identity providers based on email domain, user directory or group memberships.

Many organizations have multiple user groups with various login requirements. While SSO to Atlassian application is typically setup as the default login mechanism for most users, it is also commonly necessary to give user who are not a part of the corporate user databases (for example external consultants, system admins and interns) access. 2 Step Login allow you to align one or more SAML identity providers with traditional and native username / password login.

User experience

When 2 Step Login is set up, users are asked to type their username but not the password in the login form. Then based on properties of the particular user, he or she is redirected to the relevant SAML identity provider or simply asked to type the built-in password.

Redirect modes

The following three redirect modes are available for 2 Step Login in the Kantega SSO Enterprise app:

  • Email domain - Redirect user based on the domain part of their provided username.
  • User directory - Redirect user based on the user directory they are stored.
  • Group memberships - Redirect user based on the groups they are members of.

2 Step Login is enabled and configured in the Redirect mode page in the identity provider setting. The following video demonstrates both how to setup this and this plays out in practice for the users.


Similar posts