Confluence Server

With Privileged Access Service, you can choose single-sign-on (SSO) access to the Confluence web application with SP-initiated SAML SSO for SSO access directly through the Confluence web application). Enabling both methods ensures that users can log in to Confluence Server in different situations such as clicking through a notification email.

Confluence does not support SAML, but it accepts a custom plugin for individual companies to modify the authentication process to their own needs, including implement Single Sign-On. A custom plugin is a set of .jar files that are implemented using Atlassian's Seraph library, and will be deployed in the Confluence Server. A system administrator must change the Confluence configuration to use the plugin.

For more information about Single Sign-on Integration with JIRA and Confluence, see: https://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence

With Centrify Confluence SAML plugin deployed in Confluence Server, any unauthenticated access to Confluence resources will be redirected to Centrify Admin Portal for authentication. After that, users will be redirected back to the requested resources.

Centrify Confluence SAML plugin has been tested in Confluence Server versions 5.6.6 and 6.1.2.

If Confluence is the first application you are configuring for SSO through Privileged Access Service, read these topics before you get started:

Confluence Server SSO requirements

Before you configure the Confluence Server web application for SSO, you need the following:

  • A Confluence Server (On-Premise).
  • A system administrator account to the Confluence Server computer to deploy and configure the plugin.

Configuring Confluence Server in Admin Portal

Downloading the Centrify Confluence SAML plugin and signing certificate

Deploying and configuring Confluence SAML plugin in Confluence Server

This section requires a system administrator to place new files in the Confluence Server file system and modify Confluence configuration files. Note that this is a system administrator to the server hosting Confluence, not a Confluence (application) administrator.

Note:   These instructions assume:

  • Confluence on Windows.
  • Your Confluence Server is installed at: C:\Program Files\Atlassian\Confluence.

For more information about Confluence Server

Confluence Server specifications

Each SAML application is different. The following table lists features and functionality specific to Confluence Server.

Capability

Supported?

Support details

Web browser client

Yes

 

Mobile client

No

 

SAML 2.0

Yes

 

SP-initiated SSO

Yes

 

IdP-initiated SSO

Yes

 

Force user login via SSO only

Yes

 

Separate administrator login
after SSO is enabled

No

 

User or Administrator lockout risk

Yes

Because SP-initiated SSO always redirects users to Centrify and disables the function of Confluence login pages, users run the risk of being locked out of Confluence.

Automatic user provisioning

No

 

Multiple User Types

Yes

SSO works the same way for all admin and non-admin user types.

Self-service password

Yes

Users can reset their own passwords. Resetting another user’s password requires administrator rights.

Access restriction using a corporate IP range

Yes

You can specify an IP Range in the Admin Portal Policy page to restrict access to the application.