We’re renaming ‘products’ to ‘apps’

Atlassian 'products’ are now ‘apps’. You may see both terms used across our documentation as we roll out this terminology change. Here’s why we’re making this change

What is SAML single logout?

SAML (Security Assertion Markup Language) is a protocol used for single sign-on (SSO) and forms the foundation for single logout which extends SAML's capabilities to session termination across apps.

SAML single logout allows users to be logged out from both the identity provider (IdP) and all connected service providers (apps) with a single action. This means that when a user logs out of one app, such as Jira, they are automatically logged out of the identity provider (like Okta) and all other apps that rely on the same identity session.

Single logout provides the following security and usability benefits:

Prevents unauthorized access to data in Atlassian apps.
Users don’t have to remember to log out from every app individually.

How single logout works at Atlassian

When you configure single logout, here’s how it works with Atlassian apps:

A user logs into Atlassian using Okta as the IdP and accesses these apps:

Jira
Confluence
Bitbucket

When the user logs out of Jira, Jira initiates the logout process:

Jira notifies Okta that the user has logged out.
Okta ends the user session.
Okta sends logout requests to Confluence and Bitbucket.
The user is now logged out from all three apps.

Without single logout, the user would remain logged into the other apps unless they manually log out from each one.

Single logout available for Okta identity provider

Atlassian supports app-initiated single logout only for the Okta identity provider. Configure SAML single logout for Okta

Was this helpful?

It wasn't accurateIt wasn't clearIt wasn't relevant

Still need help?

The Atlassian Community is here for you.

Ask the Community