2 Step Login

Redirect to specific SAML identity providers based on email domain, user directory or group memberships.
10/09/2019 - sso, saml

Many organization have multiple user groups with various login requirements. While SSO to Atlassian application is typically setup as the default login mechanism for most users, it is also commonly necessary to give user who are not a part of the corporate user databases (for example external consultants, system admins and interns) access. 2 Step Login allow you to align one or more SAML identity providers with traditional and native username / password login.

User experience

When 2 Step Login is set up, users are asked to type their username but not the password in the login form. Then based on properties of the particular user, he or she is redirected to the relevant SAML identity provider or simply asked to type the built-in password.

Redirect modes

The following three redirect modes are available for 2 Step Login in the Kantega SSO Enterprise app:

  • Email domain - Redirect user based on the domain part of their provided username.
  • User directory - Redirect user based on the user directory they are stored.
  • Group memberships - Redirect user based on the groups they are members of.

2 Step Login is enabled and configured in the Redirect mode page in the identity provider setting. The following video demonstrates both how to setup this and this plays out in practice for the users.

You might also like

Multi-factor authentication

Multi-Factor Authentication (MFA) verifies a user’s identity by requiring multiple credentials. In addition to username and password, MFA requires additional credentials, such as a code from the user’s smartphone, or a fingerprint.
23/10/2019 - sso, saml, mfa

Login to Atlassian without passwords

Nobody likes passwords. They are inconvenient, expensive and noisy friction in our workday. With Kerberos you can remove this friction and automatically authenticate users accessing Atlassian applications.
16/08/2019 - sso, kerberos