1Kosmos integrates with Trello Enterprise as a SAML 2.0 identity provider through Atlassian Guard, enabling biometric passwordless access to Trello boards and workspaces.
Integration type
SSO
Updated
Overview
Trello Enterprise SSO is configured through Atlassian Guard Standard, not as a standalone integration. Administrators link Trello to an Atlassian organization, verify their domain, and configure 1Kosmos as the SAML identity provider in the Atlassian Admin Console. Once enabled, biometric authentication applies to all Atlassian products (Trello, Jira, Confluence) for users on the claimed domain.
The 1Kosmos + Trello integration requires linking the Trello Enterprise account to an Atlassian organization, verifying the organization's email domain, and then configuring 1Kosmos as the SAML identity provider in the Atlassian Admin Console.
Once configured, the SAML SSO policy applies to all Atlassian accounts with email addresses on the claimed domain, including Trello users. The SAML configuration steps for Trello follow the same path as the Atlassian integration.
The Atlassian Cloud SAML application (not legacy Trello-specific SSO apps) is used for all SAML configurations with Atlassian Guard Standard. The SP Entity ID and ACS URL are provided by the Atlassian Admin Console after the SAML SSO configuration is initiated.
Prerequisites
Active 1Kosmos tenant: Administrator access to the AdminX portal. Contact 1kosmos.com/contact if not yet provisioned.
Trello Enterprise license: Admin access to both the Trello Enterprise admin console and an Atlassian organization. The Trello Enterprise must be linked to an Atlassian organization.
Atlassian Guard Standard subscription: Required for SAML SSO enforcement. Each Trello Enterprise license includes an Atlassian Guard Standard license for that user.
Verified domain: The organization's email domain must be claimed and verified in the Atlassian Admin Console before SAML SSO can be configured.
1Kosmos mobile app installed: Users must have the app on iOS or Android with biometrics enrolled before testing.
Configuration values
Values to collect from 1Kosmos AdminX (IdP) for Trello / Atlassian:
Field | Where to find it |
|---|---|
SSO Login URL (Identity provider SSO URL) | AdminX → Settings → IdP Configuration → Single SignOn Service URL |
IdP Entity ID (Identity provider Entity ID) | AdminX → Settings → IdP Configuration → Core Configuration |
Public x509 Certificate | AdminX → Settings → IdP Configuration → View Certificate → Public Key |
Atlassian SP values for AdminX (provided during SAML setup in Atlassian Admin):
Field | Where to find it |
|---|---|
SP Entity ID | Atlassian Admin Console → Security → Identity Providers → Set up SAML single sign-on → SP Entity ID field |
ACS URL | Same SAML setup screen → Assertion Consumer Service URL field |
Integration steps
Step 1: Link Trello Enterprise to an Atlassian organization
Log in to the Trello Enterprise admin console and navigate to Settings.
Click the option to link to an Atlassian organization. Select the appropriate organization and confirm the link. You must be an admin in both the Trello Enterprise and the Atlassian organization to complete this step.
Step 2: Verify your domain in Atlassian Admin
Log in to https://admin.atlassian.com and navigate to your organization.
Under Security → Domains, add your organization's email domain and complete DNS TXT record verification. Wait for domain verification to complete before proceeding.
Step 3: Configure SAML SSO in Atlassian Admin
In https://admin.atlassian.com, navigate to Security → Identity Providers.
Click Add identity provider, select Other (or your SAML provider type), and enter a directory name.
On the SAML SSO setup screen, note the SP Entity ID and ACS URL. Use these for AdminX in the next step.
Enter the 1Kosmos IdP SSO URL, IdP Entity ID, and paste the 1Kosmos public certificate. Save the configuration.
Step 4: Add the Atlassian SAML application in AdminX
Log in to the AdminX portal and navigate to Applications → Add Application.
Select SAML 2.0 Generic and click Add integration. Enter "Trello (Atlassian)" as the Application Name and https://trello.com as the Application Access URL.
Set NameID Format to
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressand NameID Value to email. Add claims for email, first name, and last name. Enable Assertion signing.Enter the Atlassian SP Entity ID and ACS URL. Click Save.
Step 5: Enforce SSO via authentication policy
In https://admin.atlassian.com, navigate to Security → Authentication Policies.
Edit the default policy or create a new policy and enable Enforce single sign-on for managed users. Assign the policy to the appropriate users or groups.
Attribute mappings
Source (1Kosmos) | Target (Atlassian / Trello) | Description |
|---|---|---|
user.email | NameID (emailAddress) | Must match the user's Atlassian account email (which maps to their Trello account) |
user.firstName | firstName | User first name |
user.lastName | lastName | User last name |
Integration notes
Trello SSO is enforced at the Atlassian organization level through Atlassian Guard Standard. The SAML configuration covers all Atlassian products (Jira, Confluence, Bitbucket, Trello) for users with email addresses on the claimed domain.
Legacy Trello-specific SSO apps configured before the Atlassian Guard transition no longer work; all SSO must now go through the Atlassian Cloud app in the identity provider.
Users who are not Trello Enterprise license holders but have Atlassian accounts on the claimed domain will be billed in Atlassian Guard Standard once the domain is claimed and SSO is enforced.
