Configuring the Forcepoint ONE SSE Identity Provider in the Atlassian Application

After you have added the application, you will need to configure the Atlassian application to use the Forcepoint ONE SSE Identity Provider for user authentication.

1. On the Forcepoint ONE SSE, navigate to Protect > Policies to access the applications' policies.
   
   
   
2. Click the Atlassian application tile.
3. On the Atlassian page, select the Setup Web SSO for the domain in question.
   
   
   

   The Atlassian Single Sign-On Setup page opens displaying required information needed while configuring Atlassian. Keep this page open.

   
   
   
4. On the Single Sign-On page you will see the Issuer/ID as well as the URL's you will need and a link to download the Assertion Signing Certificate. From the Atlassian Admin portal, navigate to Security > User Security > Identity Providers. Atlassian opens the Choose an identity provider page.
5. Locate the Other provider tile and click Choose.
   The Atlassian presents the Add identity provider directory section.

   
   
   
6. Enter a unique value for the Identity provider Directory name and click Add.
   
   
   
7. On the Authenticate users section, click Set up SAML single sign-on.
   
   
   

   Atlassian presents the Before you begin section.

8. Click Next.
   Atlassian presents the Add SAML details section.
9. On the Add SAML details section, enter the corresponding URLs from the Forcepoint ONE SSE Atlassian application Single Sign-On Setup page opened in Step 3.
   • Copy Issuer/ID field to Identity provider Entity ID.
   • Copy Login URL to Identity provider SSO URL.
   • Download the Assertion Signing Certificate and open it in a text editor. Copy the text to Public x509 certificate and then click Next.
     
     
     

   Atlassian presents the Copy URLs to your identity provider section. Keep this page open.

10. Return to Forcepoint ONE SSE and navigate to the Protect > Policies page:
    1. Click the Atlassian application tile to open the application configuration.
    2. Locate the App SSO section and click Setup to open the Atlassian SSO Config page.
       
       
       
11. Return to the Atlassian Administration portal and navigate Security > User Security > Identity providers. Atlassian presents the Choose an identity provider page.
12. Click the identity provider name under the Directory name.
    
    
    
13. Locate the Settings > Authentication section and click View SAML Configuration.
    
    
    
14. Locate the Copy service provider URLs section and copy the URLs from Atlassian to the Forcepoint ONE SSE App SSO settings in step 10.
    
    
    

    
    
    

    • Copy Service provider entity URL to SP (Application) Entity ID.
    • Copy Service provider assertion consumer service URL to Single Sign On URL.
    • Enable Force IdP Authentication
    • Enable Redirect to URL in RelayState
15. Click Save.
16. Configure access and DLP policy for the application. You can provide policy control over data being downloaded or uploaded.

    See the Proxy Policy Actions to learn more about policy actions.

    
    
    
    Note: Due to a known bug with Confluence and the Export to Word feature (bug issue documented here on Atlassian's site), Forcepoint ONE SSE is unable to properly support encryption of Export to Word files until they resolve their bug.