This article shows what logging in with SAML looks like from the end user's perspective.
We assume that the application being logged into is Jira, with Microsoft Azure as the SAML identity provider. The user experience is very similar when using other Atlassian applications or other SAML providers.
Logging in with passwords
First, let's review Jira's out-of-the-box username and password login experience:
Users enter their username and password and click to log in. Jira then verifies the password, either by checking its local internal user directory, or more typically by delegating to an external user directory such as LDAP or Crowd.
Logging in with SAML
When SAML SSO is enabled, users no longer need to enter passwords into Jira. The standard dialog is replaced with the following:
After entering their username, users are now redirected to the correct SAML provider for authentication. In this case, the user 'john' is associated with Azure AD.
The user may also simply click the link "Log in with Azure AD", which redirects them directly to Azure AD. Azure AD then authenticates the user and redirects them back to Jira.
Let's visit the user's profile page. Observe how the Jira user avatar has now been updated to the Azure AD profile picture:
Returning SAML users
When a user returns to Jira and needs to log in, the redirect to Azure can happen automatically, with no need for user interaction:
If the user is already logged in to Azure AD (by accessing Microsoft 365 or other apps), then the authentication step is skipped, and the user is sent back to Jira where they are logged in.
Skipping the login page
If all users should be logging in with the same SAML provider anyway, you might consider skipping the login page entirely and instead redirecting users directly to their SAML provider for authentication.
This behavior can be configured by editing the redirect mode of the provider.