MicrosoftDocs
diff --git a/‎articles/active-directory/saas-apps/common/attribute-nameID.png
2.87 KB b/‎articles/active-directory/saas-apps/common/attribute-nameID.png
2.87 KB
diff --git a/‎articles/active-directory/saas-apps/common/attribute-review.png
2.78 KB b/‎articles/active-directory/saas-apps/common/attribute-review.png
2.78 KB
diff --git a/‎articles/active-directory/saas-apps/common/attribute-save.png
821 Bytes b/‎articles/active-directory/saas-apps/common/attribute-save.png
821 Bytes
diff --git a/‎articles/active-directory/saas-apps/common/attribute-select.png
3.69 KB b/‎articles/active-directory/saas-apps/common/attribute-select.png
3.69 KB
diff --git a/‎articles/active-directory/saas-apps/jiramicrosoft-tutorial.md
Lines changed: 34 additions & 20 deletions b/‎articles/active-directory/saas-apps/jiramicrosoft-tutorial.md
Lines changed: 34 additions & 20 deletions
diff --git a/‎articles/active-directory/saas-apps/media/jiramicrosoft-tutorial/claim-conditions.png
24.2 KB b/‎articles/active-directory/saas-apps/media/jiramicrosoft-tutorial/claim-conditions.png
24.2 KB
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 09/23/2022
+ms.date: 11/11/2022
 ms.author: dhivyag
 ---
 
@@ -30,7 +30,7 @@ Use your Microsoft Azure Active Directory account with Atlassian JIRA server to
 To configure Azure AD integration with JIRA SAML SSO by Microsoft, you need the following items:
 
 - An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
-- JIRA Core and Software 6.4 to 9.1.0 or JIRA Service Desk 3.0 to 4.22.1 should installed and configured on Windows 64-bit version.
+- JIRA Core and Software 6.4 to 8.22.1 or JIRA Service Desk 3.0 to 4.22.1 should be installed and configured on Windows 64-bit version.
 - JIRA server is HTTPS enabled.
 - Note the supported versions for JIRA Plugin are mentioned in below section.
 - JIRA server is reachable on the Internet particularly to the Azure AD login page for authentication and should able to receive the token from Azure AD.
@@ -51,7 +51,7 @@ To get started, you need the following items:
 
 ## Supported versions of JIRA
 
-* JIRA Core and Software: 6.4 to 9.1.0
+* JIRA Core and Software: 6.4 to 8.22.1.
 * JIRA Service Desk 3.0 to 4.22.1.
 * JIRA also supports 5.2. For more details, click [Microsoft Azure Active Directory single sign-on for JIRA 5.2](jira52microsoft-tutorial.md).
 
@@ -102,50 +102,64 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. On the **Basic SAML Configuration** section, perform the following steps:
 
-    a. In the **Sign-on URL** text box, type a URL using the following pattern:
-    `https://<domain:port>/plugins/servlet/saml/auth`
-
-    b. In the **Identifier** box, type a URL using the following pattern:
+    a. In the **Identifier** box, type a URL using the following pattern:
     `https://<domain:port>/`
 
-    c. In the **Reply URL** text box, type a URL using the following pattern:
+    b. In the **Reply URL** text box, type a URL using the following pattern:
+    `https://<domain:port>/plugins/servlet/saml/auth`
+
+	a. In the **Sign-on URL** text box, type a URL using the following pattern:
     `https://<domain:port>/plugins/servlet/saml/auth`
 
 	> [!NOTE]
-	> These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-On URL. Port is optional in case it’s a named URL. These values are received during the configuration of Jira plugin, which is explained later in the tutorial.
+	> These values are not real. Update these values with the actual Identifier, Reply URL, and Sign-on URL. Port is optional in case it’s a named URL. These values are received during the configuration of Jira plugin, which is explained later in the tutorial.
 
 1. On the **Set up single sign-on with SAML** page, In the **SAML Signing Certificate** section, click copy button to copy **App Federation Metadata Url** and save it on your computer.
 
 	![Screenshot shows the Certificate download link.](common/copy-metadataurl.png "Certificate")
 
 1. The Name ID attribute in Azure AD can be mapped to any desired user attribute by editing the Attributes & Claims section.
 
-   > [!div class="mx-imgBorder"]
-   > ![Screenshot showing how to edit Attributes and Claims.](common/edit-attribute.png)
+   ![Screenshot showing how to edit Attributes and Claims.](common/edit-attribute.png)
 
     a. After clicking on Edit, any desired user attribute can be mapped by clicking on Unique User Identifier (Name ID).
 
-   > [!div class="mx-imgBorder"]
-   > ![Screenshot showing the NameID in Attributes and Claims.](common/attribute-nameID.png)
+   ![Screenshot showing the NameID in Attributes and Claims.](common/attribute-nameID.png)
 
     b. On the next screen, the desired attribute name like user.userprincipalname can be selected as an option from the Source Attribute dropdown menu.
 
-   > [!div class="mx-imgBorder"]
-   > ![Screenshot showing how to select Attributes and Claims.](common/attribute-select.png)
+   ![Screenshot showing how to select Attributes and Claims.](common/attribute-select.png)
 
     c. The selection can then be saved by clicking on the Save button at the top.
 
-   > [!div class="mx-imgBorder"]
-   > ![Screenshot showing how to save Attributes and Claims.](common/attribute-save.png)
+   ![Screenshot showing how to save Attributes and Claims.](common/attribute-save.png)
 
     d. Now, the user.userprincipalname attribute source in Azure AD is mapped to the Name ID attribute name in Azure AD which will be compared with the username attribute in Atlassian by the SSO plugin.
 
-   > [!div class="mx-imgBorder"]
-   > ![Screenshot showing how to review Attributes and Claims.](common/attribute-review.png)
+   ![Screenshot showing how to review Attributes and Claims.](common/attribute-review.png)
 
 	> [!NOTE]
 	> The SSO service provided by Microsoft Azure supports SAML authentication which is able to perform user identification using different attributes such as givenname (first name), surname (last name), email (email address), and user principal name (username). We recommend not to use email as an authentication attribute as email addresses are not always verified by Azure AD. The plugin compares the values of Atlassian username attribute with the NameID attribute in Azure AD in order to determine the valid user authentication.
 
+1. If your Azure tenant has **guest users** then follow the below configuration steps:
+ 
+	a. Click on **pencil** icon to go to the Attributes & Claims section.
+
+	![Screenshot showing how to edit Attributes and Claims.](common/edit-attribute.png)
+
+	b. Click on **NameID** on Attributes & Claims section.
+
+	![Screenshot showing the NameID in Attributes and Claims.](common/attribute-nameID.png)
+
+	c. Setup the claim conditions based on the User Type.
+
+	![Screenshot for claim conditions.](./media/jiramicrosoft-tutorial/claim-conditions.png)
+
+	>[!NOTE]
+	>  Give the NameID value as `user.userprinciplename` for Members and `user.mail` for External Guests.
+
+	d. **Save** the changes and verify the SSO for external guest users.
+
 ### Create an Azure AD test user
 
 In this section, you'll create a test user in the Azure portal called B.Simon.
@@ -235,7 +249,7 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 	> To enable the default login form for admin login on login page when force azure login is enabled, add the query parameter in the browser URL.
 	> `https://<domain:port>/login.jsp?force_azure_login=false`
 
-	k. **Enable Use of Application Proxy** checkbox, if you have configured your on-premise atlassian application in an App Proxy setup.
+	k. **Enable Use of Application Proxy** checkbox, if you have configured your on-premises atlassian application in an App Proxy setup.
 
 	* For App proxy setup , follow the steps on the [Azure AD App Proxy Documentation](../app-proxy/what-is-application-proxy.md).