Search Knowledge Base by Keyword


This guide describes the SAML integration process of WinKK Passport to be used as the Identity Provider for such services as Jira, Confluence and BitBucket.

Atlassian Initial Configurations

  1. Go to and register a new account or use an existing one.
  2. Create an organization, verify its domain and subscribe to Atlassian Access as described in the Before you begin section of the SAML single sign-on manual.

WinKK Passport Initial Configurations

  1. Open, login with your profile, and open the Applications tab.
  2. Add a new application
  • Name – doesn’t matter,
  • URL –,
  • Interface – SAML2,
  • Authentication type – doesn’t matter,
  • Audience and
  • ACS URL should be left blank.
  1. Click Save and leave this tab opened in a browser to view the created app’s identifier and fill the rest fields later:

Atlassian SAML Configurations

  1. Open the admin panel for the registered organization in
  2. Choose SAML single sign-on in the ATLASSIAN ACCESS section and provide the following SAML configs:
  • Identity provider Entity ID – Winkk Passport IdP
  • Identity provider SSO URL where YOUR_APP_ID is the identifier obtained in the previous section
  • Public x509 certificate – can be obtained at

WinKK Passport Final Configurations

  1. After the previous step, Atlassian will provide SP Entity ID and SP Assertion Consumer Service URL configs
  1. Return to the tab with the created application in WinKK Passport and fill:
  • Audience – with SP Entity ID from Atlassian
  • ACS URL – with SP Assertion Consumer Service URL from Atlassian
  1. Click Save.

Accounts Creation For SAML Authentications

  1. To proceed with SAML authentications a domain-based email address should be created for the registered organization.
  2. Create a new profile in the WinKK Passport mobile app with the domain-based email provided to perform authentications with it.
  3. Invite a user to be authenticated in Jira and Confluence with the created email at the admin page:, where the organization should be replaced with your own organization.
  4. BitBucket will suggest to sign up on the first login with domain-based email – do it if an account with the created email was not registered in BitBucket yet.
Was this article helpful?
How can we improve this article?

Leave a Reply

Your email address will not be published. Required fields are marked *