Redirection Rules


Overview

Redirection Rules

Redirection Rules allow you to control how your users log into your Atlassian application. You can control which users see the login page vs. use SSO to login into your application. This can be managed using different parameters such as email address domain, groups, or user directory. We will learn more about configuring redirection rules in this section.

You can set up multiple rules and change the order in which they’ll be matched. The first rule satisfied by a user will decide if the user will be allowed to perform SSO and if yes, then which IDP he’ll be redirected to. You can also set up a default fallback rule in case none of the rules are satisfied.

Here’s an example of Redirect Rules

SAML single sign on

Based on this example: the user will be asked to enter his username or email on the login page. Once entered:

  1. The domain of the email address of the user will be checked. If the email address ends with @domain1.com the user will be redirected to IDP1 for SSO. If the domain doesn’t match then,
  2. The group of the user will be checked. If the user belongs to the jira-software-users group, he’ll be redirected to IDP2 for SSO. Else,
  3. The directory of the user will be checked. If the user belongs to the Jira Internal Directory user directory, he’ll be shown the login page and asked to enter credentials.
  4. If none of these conditions is specified, the user will be shown the login page.

How to Configure Redirection Rules

To configure redirection rules,

  1. Click on the Configure button below the miniOrange SAML SSO app listing on the Manage Apps window
  2. Proceed to SSO & Redirection Rules >> Redirection Rules
  3. Click on the Add Rule button.

Creating a New Rule

Here are the options required for creating a rule

SAML Single sign on


1. Rule Name:

This is a unique identifier of the rule. This field allows only alphanumeric characters.


2. Rule based on the Email Domain:

SAML Single sign on

If you select the email domain, you’ll be asked to enter the domain of the users who should be redirected to the selected IDP.


3. Rule based on the User’s Directory:

SAML Single sign on

If Directory is selected, you’ll be asked to select the user directory to which the user belongs to while creating a rule. If the user’s directory matches the configured one, the rule will be satisfied and the user will be redirected to the configured IDP.


4. Rule based on User’s Group:

SAML Single sign on

If Directory is selected, you’ll be asked to select the user directory to which the user belongs to while creating a rule. If the user’s group matches the configured one, the rule will be satisfied and the user will be redirected to the configured IDP.


Reordering the Rules

When the user enters the username on the login page, his username is processed against the order in which rules are added. To change the order you can use the up and down arrow on the Redirection Rules page.

The order of the Default Rule can’t be changed as it works as a fallback rule and always executes at the end

SAML Single sign on