MicrosoftDocs
diff --git a/‎articles/active-directory/saas-apps/atlassian-cloud-tutorial.md
Lines changed: 57 additions & 69 deletions b/‎articles/active-directory/saas-apps/atlassian-cloud-tutorial.md
Lines changed: 57 additions & 69 deletions
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/admin.png
93.6 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/admin.png
93.6 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/attributes.png
11 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/attributes.png
11 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/azure.png
76.4 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/azure.png
76.4 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/certificate-download.png
36.8 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/certificate-download.png
36.8 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/claims.png
38.6 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/claims.png
38.6 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/configuration-azure.png
32.8 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/configuration-azure.png
32.8 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/configuration.png
59.5 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/configuration.png
59.5 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/configure.png
23.3 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/configure.png
23.3 KB
diff --git a/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/final-attributes.png
8.66 KB b/‎articles/active-directory/saas-apps/media/atlassian-cloud-tutorial/final-attributes.png
8.66 KB
@@ -9,7 +9,7 @@ ms.service: active-directory
 ms.subservice: saas-app-tutorial
 ms.workload: identity
 ms.topic: tutorial
-ms.date: 05/17/2021
+ms.date: 06/30/2021
 ms.author: jeedes
 ---
 # Tutorial: Integrate Atlassian Cloud with Azure Active Directory
@@ -24,7 +24,7 @@ In this tutorial, you'll learn how to integrate Atlassian Cloud with Azure Activ
 
 To get started, you need the following items:
 
-* An Azure AD subscription. If you don't have a subscription, you can get one-month free trial [here](https://azure.microsoft.com/pricing/free-trial/).
+* An Azure AD subscription. If you don't have a subscription, you can get a [free account](https://azure.microsoft.com/free/).
 * Atlassian Cloud single sign-on (SSO) enabled subscription.
 * To enable Security Assertion Markup Language (SAML) single sign-on for Atlassian Cloud products, you need to set up Atlassian Access. Learn more about [Atlassian Access]( https://www.atlassian.com/enterprise/cloud/identity-manager).
 
@@ -38,7 +38,7 @@ In this tutorial, you configure and test Azure AD SSO in a test environment.
 * Atlassian Cloud supports **SP and IDP** initiated SSO.
 * Atlassian Cloud supports [Automatic user provisioning and deprovisioning](atlassian-cloud-provisioning-tutorial.md).
 
-## Adding Atlassian Cloud from the gallery
+## Add Atlassian Cloud from the gallery
 
 To configure the integration of Atlassian Cloud into Azure AD, you need to add Atlassian Cloud from the gallery to your list of managed SaaS apps.
 
@@ -55,13 +55,13 @@ Configure and test Azure AD SSO with Atlassian Cloud using a test user called **
 
 To configure and test Azure AD SSO with Atlassian Cloud, perform the following steps:
 
-1. **[Configure Azure AD with Atlassian Cloud SSO](#configure-azure-ad-sso)** - to enable your users to use Azure AD based SAML SSO with Atlassian Cloud.
+1. **[Configure Azure AD with Atlassian Cloud SSO](#configure-azure-ad-with-atlassian-cloud-sso)** - to enable your users to use Azure AD based SAML SSO with Atlassian Cloud.
     1. **[Create an Azure AD test user](#create-an-azure-ad-test-user)** - to test Azure AD single sign-on with B.Simon.
     1. **[Assign the Azure AD test user](#assign-the-azure-ad-test-user)** - to enable B.Simon to use Azure AD single sign-on.
 1. **[Create Atlassian Cloud test user](#create-atlassian-cloud-test-user)** - to have a counterpart of B.Simon in Atlassian Cloud that is linked to the Azure AD representation of user.
 1. **[Test SSO](#test-sso)** - to verify whether the configuration works.
 
-### Configure Azure AD SSO
+## Configure Azure AD with Atlassian Cloud SSO
 
 Follow these steps to enable Azure AD SSO in the Azure portal.
 
@@ -75,88 +75,77 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
 1. If you want to setup Atlassian Cloud manually, log in to your Atlassian Cloud company site as an administrator and perform the following steps.
 
-1. Before you start go to your Atlassian product instance and copy/save the Instance URL
+1. Before you start go to your Atlassian product instance and copy/save the Instance URL.
    > [!NOTE]
-   > url should fit `https://<instancename>.atlassian.net` pattern
+   > url should fit `https://<INSTANCE>.atlassian.com` pattern.
 
-   ![instance name](./media/atlassian-cloud-tutorial/get-atlassian-instance-name.png)
+   ![Instance Name](./media/atlassian-cloud-tutorial/instance.png)
 
-1. Open the [Atlassian Admin Portal](https://admin.atlassian.com/) and click on your organization name
+1. Open the [Atlassian Admin Portal](https://admin.atlassian.com/) and click on your organization name.
 
-   ![organization](./media/atlassian-cloud-tutorial/click-on-organization-in-atlassian-access.png)
+   ![Admin Portal](./media/atlassian-cloud-tutorial/organization.png)
 
 1. You need to verify your domain before going to configure single sign-on. For more information, see [Atlassian domain verification](https://confluence.atlassian.com/cloud/domain-verification-873871234.html) document.
-1. From the Atlassian Admin Portal Screen select **Security** from the left drawer
 
-   ![security](./media/atlassian-cloud-tutorial/click-on-security-in-atlassian-access.png)
+1. In the **ATLASSIAN Admin** portal, navigate to **Security** tab, select **SAML single sign-on** and click **Add SAML configuration**.
 
-1. From the Atlassian Admin Portal Security Screen select **SAML single sign** on from the left drawer
+   ![Security](./media/atlassian-cloud-tutorial/admin.png)
 
-   ![saml sso](./media/atlassian-cloud-tutorial/click-on-saml-sso-in-atlassian-access-security.png)
+1. In the **Add SAML configuration** section, fill the required fields which you have copied from the Azure portal and click **Save configuration**.
 
-1. Click on **Add SAML Configuration** and keep the page open
-
-   ![Add SAML Configuration](./media/atlassian-cloud-tutorial/saml-configuration-in-atlassian-access-security-saml-sso.png)
-
-   ![Add SAML Configuration 2](./media/atlassian-cloud-tutorial/add-saml-configuration.png)
+   ![Add SAML Configuration](./media/atlassian-cloud-tutorial/configuration.png)
 
 1. In the Azure portal, on the **Atlassian Cloud** application integration page, find the **Manage** section and select **Set up single sign-on**.
 
-   ![set up sso](./media/atlassian-cloud-tutorial/set-up-sso.png)
+   ![Set up sso](./media/atlassian-cloud-tutorial/set-up.png)
 
 1. On the **Select a Single sign-on method** page, select **SAML**.
 
-   ![saml in azure](./media/atlassian-cloud-tutorial/saml-in-azure.png)
+   ![SAML in azure](./media/atlassian-cloud-tutorial/azure.png)
 
-1. On the **Set up Single Sign-On with SAML** page, scroll down to **Set Up Atlassian Cloud**
+1. On the **Set up Single Sign-On with SAML** page, scroll down to **Set Up Atlassian Cloud**.
 
-   a. Click on **Configuration URLs**
+   a. Click on **Configuration URLs**.
 
-   ![urls](./media/atlassian-cloud-tutorial/configuration-urls.png)
+   ![Single Sign-On](./media/atlassian-cloud-tutorial/configure.png)
 
-   b. Copy **Azure AD Identifier** value from Azure portal, paste it in the **Identity Provider Entity ID** textbox in Atlassian
+   b. Copy **Azure AD Identifier** value from Azure portal, paste it in the **Identity Provider Entity ID** textbox in Atlassian.
 
-   c. Copy **Login URL** value from Azure portal, paste it in the **Identity Provider SSO URL** textbox in Atlassian
+   c. Copy **Login URL** value from Azure portal, paste it in the **Identity Provider SSO URL** textbox in Atlassian.
 
-   ![Identity Provider SSO URL](./media/atlassian-cloud-tutorial/configuration-urls-azure.png)
+   ![Identity Provider SSO URL](./media/atlassian-cloud-tutorial/configuration-azure.png)
 
-   ![entity id and ss](./media/atlassian-cloud-tutorial/entity-id-and-ss.png)
+   ![Entity id](./media/atlassian-cloud-tutorial/login.png)
 
 1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, find **Certificate (Base64)** and select **Download** to download the certificate and save it on your computer.
 
    ![signing Certificate](./media/atlassian-cloud-tutorial/certificate.png)
 
-   ![Certificate 1](./media/atlassian-cloud-tutorial/certificate-1.png)
+   ![Certificate 1](./media/atlassian-cloud-tutorial/certificate-download.png)
 
-1. **Add/Save** the SAML Configuration in Atlassian
+1. **Add** and **Save** the SAML Configuration in Atlassian.
 
-1. If you wish to configure the application in **IDP** initiated mode, edit the **Basic SAML Configuration** section of the **Set up Single Sign-On with SAML** page in Azure and open the **SAML single sign-on page** on the Atlassian Admin Portal
+1. On the **Basic SAML Configuration** section, perform the following steps.
 
-   a. Copy **SP Entity ID** value from Atlassian, paste it in the **Identifier (Entity ID)** box in Azure and set it as default
+   a. Copy **SP Entity ID** value from Atlassian, paste it in the **Identifier (Entity ID)** box in Azure and set it as default.
 
-   b. Copy **SP Assertion Consumer Service URL** value from Atlassian, paste it in the **Reply URL (Assertion Consumer Service URL)** box in Azure and set it as default
+   b. Copy **SP Assertion Consumer Service URL** value from Atlassian, paste it in the **Reply URL (Assertion Consumer Service URL)** box in Azure and set it as default.
 
-   c. Copy your **Instance URL** value, which you copied at step 1 and paste it in the **Relay State** box in Azure
-
-   ![copy urls](./media/atlassian-cloud-tutorial/copy-urls.png)
+   c. Copy your **Instance URL** value, which you copied at step 4 and paste it in the **Relay State** box in Azure.
 
-   ![edit button](./media/atlassian-cloud-tutorial/edit-button.png)
-
-   ![urls image](./media/atlassian-cloud-tutorial/urls.png)
-   
-1. If you wish to configure the application in **SP** initiated mode, edit the **Basic SAML Configuration** section of the **Set up Single Sign-On with SAML** page in Azure. Copy your **Instance URL** (from step 1)  and paste it in the **Sign On URL** box in Azure
+   ![Copy URLs](./media/atlassian-cloud-tutorial/values.png)
 
-   ![edit button in urls](./media/atlassian-cloud-tutorial/edit-button.png)
+   ![Button](./media/atlassian-cloud-tutorial/edit-button.png)
 
-   ![sign-on url](./media/atlassian-cloud-tutorial/sign-on-URL.png)
+   ![URLs image](./media/atlassian-cloud-tutorial/image.png)
 
 1. Your Atlassian Cloud application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. You can edit the attribute mapping by clicking on **Edit** icon. 
 
    ![attributes](./media/atlassian-cloud-tutorial/edit-attribute.png)
 
-   1. Attribute mapping for an Azure AD tenant with a Microsoft 365 license
+   1. Attribute mapping for an Azure AD tenant with a Microsoft 365 license.
 
-      a. Click on the **Unique User Identifier (Name ID)** claim
+      a. Click on the **Unique User Identifier (Name ID)** claim.
 
       ![attributes and claims](./media/atlassian-cloud-tutorial/user-attributes-and-claims.png)
 
@@ -166,25 +155,34 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
 
       c. The final attribute mappings should look as follows.
 
-      ![image 2](./media/atlassian-cloud-tutorial/default-attributes-1.png)
+      ![image 2](./media/atlassian-cloud-tutorial/attributes.png)
 
-   1. Attribute mapping for an Azure AD tenant without a Microsoft 365 license 
+   1. Attribute mapping for an Azure AD tenant without a Microsoft 365 license. 
 
       a. Click on the `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` claim.
 
-      ![image 3](./media/atlassian-cloud-tutorial/email-address.png)
+      ![image 3](./media/atlassian-cloud-tutorial/claims.png)
 
       b. While Azure does not populate the **user.mail** attribute for users created in Azure AD tenants without Microsoft 365 licenses and stores the email for such users in **userprincipalname** attribute. Atlassian Cloud expects the **nameidentifier** (**Unique User Identifier**) to be mapped to the user's email (**user.userprincipalname**).  Edit the **Source attribute**  and change it to **user.userprincipalname**. Save the changes to the claim.
 
-      ![set email](./media/atlassian-cloud-tutorial/set-email.png)
+      ![Set email](./media/atlassian-cloud-tutorial/save-claims.png)
 
       c. The final attribute mappings should look as follows.
 
-      ![image 4](./media/atlassian-cloud-tutorial/default-attributes-2.png)
+      ![image 4](./media/atlassian-cloud-tutorial/final-attributes.png)
+
+1. To enforce SAML single sign-on in an authentication policy, perform the following steps.
+
+   a.	From the **Atlassian Admin** Portal, select **Security** tab and click **Authentication policies**.
+
+   b.	Select **Edit** for the policy you want to enforce. 
+
+   c.	In **Settings**, enable the **Enforce single sign-on** to their managed users for the successful SAML redirection. 
+
+   d.	Click **Update**. 
+
+      ![Authentication policies](./media/atlassian-cloud-tutorial/policy.png) 
 
- > [!NOTE]
- > You can set multiple security policies by selecting **Authentication policies** option from the left drawer. An authentication policy allows you to specify authentication settings for different sets of users and configurations in your organization. It verifies that users who access the Atlassian organization are genuine. For more information, please refer [Authentication policies](https://support.atlassian.com/security-and-access-policies/docs/understand-authentication-policies/).
-     
 ### Create an Azure AD test user
 
 In this section, you'll create a test user in the Azure portal called B.Simon.
@@ -211,24 +209,15 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
 
 ### Create Atlassian Cloud test user
 
-To enable Azure AD users to sign in to Atlassian Cloud, provision the user accounts manually in Atlassian Cloud by doing the following:
-
-1. In the **Administration** pane, select **Users**.
-
-    ![The Atlassian Cloud Users link](./media/atlassian-cloud-tutorial/tutorial-atlassiancloud-14.png)
+To enable Azure AD users sign in to Atlassian Cloud, provision the user accounts manually in Atlassian Cloud by doing the following steps:
 
-1. To create a user in Atlassian Cloud, select **Invite user**.
+1. Go to **Products** tab, select **Users** and click **Invite users**.
 
-    ![Create an Atlassian Cloud user](./media/atlassian-cloud-tutorial/tutorial-atlassiancloud-15.png)
+    ![The Atlassian Cloud Users link](./media/atlassian-cloud-tutorial/users.png)
 
-1. In the **Email address** box, enter the user's email address, and then assign the application access.
+1. In the **Email address** textbox, enter the user's email address, and then click **Invite user**.
 
-    ![Atlassian Cloud user](./media/atlassian-cloud-tutorial/tutorial-atlassiancloud-16.png)
-
-1. To send an email invitation to the user, select **Invite users**. An email invitation is sent to the user and, after accepting the invitation, the user is active in the system.
-
-> [!NOTE]
-> You can also bulk-create users by selecting the **Bulk Create** button in the **Users** section.
+    ![Create an Atlassian Cloud user](./media/atlassian-cloud-tutorial/invite-users.png)
 
 ### Test SSO
 
@@ -242,11 +231,10 @@ In this section, you test your Azure AD single sign-on configuration with follow
 
 #### IDP initiated:
 
-* Click on **Test this application** in Azure portal and you should be automatically signed in to the Atlassian Cloud for which you set up the SSO 
+* Click on **Test this application** in Azure portal and you should be automatically signed in to the Atlassian Cloud for which you set up the SSO. 
 
 You can also use Microsoft My Apps to test the application in any mode. When you click the Atlassian Cloud tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the Atlassian Cloud for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](../user-help/my-apps-portal-end-user-access.md).
 
-
 ## Next steps
 
 Once you configure Atlassian Cloud you can enforce session control, which protects exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).