Atlassian–Common Access Card Integration

RightStar’s PKISSO AREA Connector lets users access secure Atlassian applications by authenticating them with credentials extracted from Common Access Cards (CAC), PIV cards, PKI client certificates, or external Single Sign-On (SSO) systems such as CA SiteMinder.

Features include:

  • Capture, exchange, and synchronize data from a government-issued CAC smart card
  • Low-cost migration from passwords to PKI- or SSO-based authentication

PKISSO AREA Connector meets DoD Directive 8520.2 for Public Key Infrastructure and Public Key Enabling, and the DoD Common Access Card program.


With the ability to authenticate CAC/PIV/PKI/SSO users, service desk managers can further leverage their existing investment in Atlassian products to meet government security requirements. Additional benefits include:

  • Single sign-on service. The integration simplifies the user authentication experience and reduces the cost of managing multiple passwords.
  • Easy to deploy, use and maintain. RightStar’s PKISSO AREA Connector can be installed from the Atlassian Marketplace and typically requires less than 4 hours for installation. It also requires little to no maintenance after installation.

Technical Approach

RightStar’s PKI AREA Connector is strictly for Atlassian server-based applications. Inserting the CAC card into the card reader loads a PKI certificate into the user’s web browser session. Upon navigating to the Atlassian application, the user is prompted to submit a certificate to access the site. Once the server receives the certificate, it parses the user information from it. Alternatively, if SSO-based authentication is used, the system parses the user information from the passed HTTP header, variable or token. If a valid user is found, the system authenticates using a key specified at the time the application is installed.
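The flow described above, sketched as an added example (not RightStar's code): it assumes a fronting web server validates the client certificate and forwards the result and subject DN in two request headers. The header names, proxy address, sample DN and user directory are hypothetical and constructed for illustration.

```python
import re

# Assumptions for this sketch (none of these names come from the product):
TRUSTED_PROXY = "10.0.0.5"           # constructed address of the TLS-terminating web server
VERIFY_HEADER = "X-Client-Verify"    # hypothetical header carrying the TLS verification result
DN_HEADER = "X-Client-Subject-DN"    # hypothetical header carrying the certificate subject DN


def common_name(subject_dn):
    """Return the single CN from a comma-separated subject DN string, else None."""
    cns = []
    for rdn in re.split(r"(?<!\\),", subject_dn):    # split on unescaped commas only
        attr, sep, value = rdn.strip().partition("=")
        if sep and attr.strip().upper() == "CN":
            cns.append(value.strip().replace("\\,", ","))
    # Zero or several CNs is ambiguous: refuse rather than pick one.
    return cns[0] if len(cns) == 1 and cns[0] else None


def resolve_user(remote_addr, headers, directory):
    """Map a forwarded client-certificate identity to an existing account, or None."""
    # Identity headers are only meaningful when the web server itself set them.
    if remote_addr != TRUSTED_PROXY:
        return None
    # The web server must report that the certificate chain validated.
    if headers.get(VERIFY_HEADER) != "SUCCESS":
        return None
    cn = common_name(headers.get(DN_HEADER, ""))
    # "If a valid user is found": unknown subjects are never mapped to an account.
    return directory.get(cn) if cn else None


# Constructed sample data for the demonstration.
DIRECTORY = {"DOE.JANE.Q.1234567890": "jdoe"}
SAMPLE_DN = "CN=DOE.JANE.Q.1234567890,OU=PKI,OU=DoD,O=U.S. Government,C=US"

if __name__ == "__main__":
    ok = {VERIFY_HEADER: "SUCCESS", DN_HEADER: SAMPLE_DN}
    print(resolve_user("10.0.0.5", ok, DIRECTORY))      # request relayed by the web server
    print(resolve_user("203.0.113.9", ok, DIRECTORY))   # same headers sent from elsewhere
```

The same source-address check applies to the SSO variant: an identity header is trustworthy only if clients cannot reach the application server without passing through the component that sets it.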


  • Atlassian server-based product: Jira, Jira Core, or Jira Service Desk
    Coming soon! Confluence, Bitbucket, Bamboo, Fisheye/Crucible
  • If using a PKI-based authentication architecture (PKI/CAC/PIV), then the web server that hosts the Atlassian application must be configured to either require or accept HTTPS and PKI client certificates prior to installation.
