7lv13 (7lv13) asked a question.
OKTA SPuser feature is not working
We have been using the okta and JIRA Server On-Prem authentication for about two years or so and for some reason the SPuser feature to allow the local admin accounts to bypass okta is not working. I have looked at the documents for the setup and all seems the same and nothing looks different from our initial setup but it still redirects our local admin accounts back through okta. Also confirmed these SPusers and SPgroups are still listed on the okta-config-jira.xml as well. Any suggestions?
okta-config-jira.xml entries:
Hello @7lv13 (7lv13),
Thank you for posting.
You can define which user will login using the login/pass by defining the line in the okta-config-jira.xml File:
If this section is defined, SP flow can be disabled for users, listed below. In this case, they will be forced to login using their login/pass.
<spUsers>
<username>user1</username>
<username>user2</username>
<username>user3</username>
</spUsers>
These lines will not be created by default in the okta-config-jira.xml file, you will have to define each line in the correct parameter accordingly to the Okta Jira Authenticator Configuration Guide
https://saml-doc.okta.com/Provisioning_Docs/Okta_Jira_Authenticator_Configuration_Guide
You can also add a specific group of admins/users that you will like to use the Jira login/pass by defining the following lines:
If this section is defined, SP flow can be disabled for users assigned to groups in Jira, listed below. In this case, they will be forced to login using their login/pass.
<spGroups>
<groupname>group1</groupname>
<groupname>group2</groupname>
<groupname>group3</groupname>
</spGroups>
Note: The above examples are not in the correct format, please follow the above KB for the correct lines.
The urlwrite rule and the permanent redirect from login.jsp will be ignored if the above lines are defined.
Regards,
Natalia
Okta Inc.