Configure SAML single logout for Okta
Before you begin
Before you can enable SAML single logout for Okta, make sure you’ve completed the following steps:
Connect to your Atlassian organization with an Okta identity provider
Configure SAML for users to authenticate with single sign-on
Single logout is only available for the Okta identity provider
Atlassian supports app-initiated single logout only for the Okta identity provider.
What is app-initiated single logout?
App-initiated single logout means that when a user logs out of an Atlassian app, such as Jira, they are also logged out of your Okta identity provider in a single action. This helps prevent unauthorized access to your Atlassian organization’s data.
Enable app-initiated single logout
Once you’ve connected your Okta identity provider to Atlassian and configured SAML for single sign-on, you can enable app-initiated single logout.
To enable app-initiated single logout:
Go to admin.atlassian.com and select your organization if you have more than one.
Select Security > Identity providers.
Select your Okta directory.
Select Authentication > View authentication configuration.
Under Single logout, select Enable.
Download the signature certificate and upload it to Okta.
Copy the logout URL from your Okta identity provider and paste it into the logout URL field.
Edit app-initiated single logout
You may need to update your single logout URL to maintain a secure connection.
To edit app-initiated single logout:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Identity providers.
Select your Okta directory.
Select View authentication configuration.
Select Single logout.
Copy the logout URL from your Okta identity provider and paste it into the logout URL field.
Refresh public certificate for app-initiated single logout
When you refresh the public certificate, users are no longer logged out of both Atlassian and Okta in a single action. To enable single logout again, you must download the certificate and then upload it to Okta.
To refresh the public certificate for app-initiated single logout:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Identity providers.
Select your Okta directory.
Select View authentication configuration.
Select Single logout.
Select the menu […], then select Refresh certificate.
Download the signature certificate and then upload it to Okta.
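A check you can run on the downloaded signature certificate before uploading it to Okta, both when first enabling single logout and after a refresh. This is an added example, not Atlassian's or Okta's tooling; it assumes the download is a PEM-encoded X.509 certificate and that openssl is installed, and the function names and file names are placeholders.

```sh
#!/bin/sh
# Added example: check a downloaded SAML signature certificate before uploading it to Okta.
# Assumption: the file is a PEM-encoded X.509 certificate; file names are placeholders.

# Print the certificate's SHA-256 fingerprint as bare hex; prints nothing if
# the file cannot be parsed as a certificate.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
    sed -e 's/^.*=//' -e 's/://g'
}

# Succeed only if the certificate parses and does not expire within the next
# $2 days (default 30). -checkend takes seconds.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# After a refresh: succeed only if both files parse and the fingerprints differ,
# i.e. the file about to be uploaded is not the certificate being replaced.
cert_was_rotated() {
  old_fp="$(cert_fingerprint "$1")"
  new_fp="$(cert_fingerprint "$2")"
  [ -n "$old_fp" ] && [ -n "$new_fp" ] && [ "$old_fp" != "$new_fp" ]
}

# Full pre-upload check. Usage: check_slo_cert NEW.pem [PREVIOUS.pem]
check_slo_cert() {
  fp="$(cert_fingerprint "$1")"
  if [ -z "$fp" ]; then
    echo "FAIL: $1 is not a readable PEM certificate" >&2; return 1
  fi
  if ! cert_valid_for_days "$1" 30; then
    echo "FAIL: $1 is expired or expires within 30 days" >&2; return 1
  fi
  if [ -n "$2" ] && ! cert_was_rotated "$2" "$1"; then
    echo "FAIL: $1 matches the previous certificate (or $2 is unreadable)" >&2; return 1
  fi
  echo "OK: $1 sha256=$fp"
}

# Run the check when file names are given on the command line.
if [ "$#" -ge 1 ]; then
  check_slo_cert "$@"
fi
```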
Delete app-initiated single logout
When you delete your app-initiated single logout configuration, we no longer log users out from both Atlassian and your Okta identity provider with a single action.
To delete app-initiated single logout:
Go to admin.atlassian.com. Select your organization if you have more than one.
Select Security > Identity providers.
Select your Okta directory.
Select View authentication configuration.
Select Single logout.
Select the menu […], then select Delete app-initiated logout.