Commit dcbe824

Update jiramicrosoft-tutorial.md
Added step 6 and its sub-steps which help readers to map Claims and Attributes in Configure Azure AD SSO. Also added security footnote which came in as a Threat Model Review outcome.
1 parent 2bc8dad commit dcbe824

1 file changed

+26
-0
lines changed

articles/active-directory/saas-apps/jiramicrosoft-tutorial.md

Lines changed: 26 additions & 0 deletions
@@ -118,6 +118,32 @@ Follow these steps to enable Azure AD SSO in the Azure portal.
118118

119119
![The Certificate download link](common/copy-metadataurl.png)
120120

121+
122+
123+
124+
1. The Name ID attribute in Azure AD can be mapped to any desired user attribute by editing the Attributes & Claims section.
125+
126+
![Edit Attributes and Claims](common/edit-attribute.png)
127+
128+
a. After clicking on Edit, any desired user attribute can be mapped by clicking on Unique User Identifier (Name ID).
129+
130+
![NameID in Attributes and Claims](common/attribute-nameID.png)
131+
132+
b. On the next screen, the desired attribute name like user.userprincipalname can be selected as an option from the Source Attribute dropdown menu.
133+
134+
![Select Attributes and Claims](common/attribute-select.png)
135+
136+
c. The selection can then be saved by clicking on the Save button at the top.
137+
138+
![Save Attributes and Claims](common/attribute-save.png)
139+
140+
d. Now, the user.userprincipalname attribute source in Azure AD is mapped to the Name ID attribute name in Azure AD which will be compared with the username attribute in Atlassian by the SSO plugin.
141+
142+
![Review Attributes and Claims](common/attribute-review.png)
143+
144+
> [!NOTE]
145+
> The SSO service provided by Microsoft Azure supports SAML authentication which is able to perform user identification using different attributes such as givenname (first name), surname (last name), email (email address), and user principal name (username). We recommend not to use email as an authentication attribute as email addresses are not always verified by Azure AD. The plugin compares the values of Atlassian username attribute with the NameID attribute in Azure AD in order to determine the valid user authentication.
146+
121147
### Create an Azure AD test user
122148

123149
In this section, you'll create a test user in the Azure portal called B.Simon.
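
Review bot: Step 1 and sub-step a (new lines 124 and 128) say the Name ID can be mapped to "any desired user attribute", which conflicts with the note at new line 145 recommending against email because "email addresses are not always verified by Azure AD". Because the plugin matches the Atlassian username against NameID, the attribute chosen here decides which Atlassian account a sign-in resolves to, so the steps themselves should name user.userprincipalname as the recommended source and state the restriction on email at the point of selection (sub-step b) rather than only in a trailing note. The note also lists givenname and surname as attributes usable for user identification; these are not unique per user, so either drop them from the list or say they are unsuitable as the Name ID. Consider [!IMPORTANT] instead of [!NOTE] for the security recommendation, and reword sub-step d, where "mapped to the Name ID attribute name in Azure AD" reads as Azure AD being mapped to itself.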
