Example of okta-config-jira.xml
<configuration>
<applications>
<application>
<md:EntityDescriptor entityID="http://www.okta.com/exknbojcmy7JNaqkm0h7" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAWwFJnwgMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODAzNTQxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTkwNzE4MTI1NDAzWhcNMjkwNzE4MTI1NTAzWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzgwMzU0MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
ndgkp3yzBMxDH/0UNIgZdcCfcxdCdZtkWbDotp1k22qIcJVMFaRF5uNTYil/MW87eFOdBrW1Aqxg
48y/41jzabL791GdX5wYgMsRVw7jTSaYSXVqW6la1ustpn/rz4IkPQFWBF7MImejiFISdCh/GBzS
Q++bEU9F/4kVnf2QVABrYG/vhliY3GL/VDhLBXHv2FKi20TJrk+XFh0+dYBKnCJ3nXeQY/91+IHT
2AMFVAXvGqpok7+jdeb9lWDd3Ca7YTKPclGIkxeAA7OND5DzNsgQvSNH4ZUZCwJiSNul/n8YVsiW
eS1ZbGv8qiVcjniOtZ6OzV8rp3BYfuNHuz8YhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAQ1K1V
ar2Dfr0SiyXHNLl47k3PNLNdXtQik5cIxjm8EXfFsArwWLo3ge/xeENHi/pLbpF5NgLsc/xj88ij
ZGo484Skg7dD2vm2YE5Wf7vdEE3aaqhM7OJ5PnRZTQZuFTcWKs2x+/I0mqlChIxigpL8et5Efm+R
z52/f/P4giCrI+/QBVt9MNCHotVCqsmmCWaRKBO195TYp17EbSx4FgNsogYGcWRdshPGKaNhUADu
P38usXc4Ig4uu/Y0KXv+ZkvguZwF1KTD73+nsEnWzmug2ULaz1X13OzqPJfZZ1We//RPFlnIKMnu
T4RGAcCYdyrcDxn/sPhvgClO1gcmfFnH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:email</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://advania.zhb.se/app/jira_onprem/exknbojcmy7JNaqkm0h7/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://advania.zhb.se/app/jira_onprem/exknbojcmy7JNaqkm0h7/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
</application>
</applications>
<allowedAddresses>
<!--If this section defined, it describes which IP addresses can use Okta Authenticator to log into Jira.
This block takes precedence over spUsers block below.-->
<!--
<oktaUsers>
<ipFrom>192.168.3.10</ipFrom>
<ipTo>192.168.3.220</ipTo>
</oktaUsers>
-->
<!--If this section defined, it describes which IP addresses can use Native Jira autheticator (login/pass) to log into Jira.
This block has lower priority than oktaUsers block.-->
<spUsers>
<ipFrom>158.177.188.50</ipFrom>
<ipTo>158.177.188.50</ipTo>
</spUsers>
</allowedAddresses>
<!--If this section defined, SP flow can be disabled for users,
listed below. In this case they will be forced to login using their login/pass. -->
<!--
<spUsers>
<username>user1</username>
<username>user2</username>
<username>user3</username>
</spUsers>
-->
<!--If this section defined, SP flow can be disabled for users assigned to groups in Jira,
listed below. In this case they will be forced to login using their login/pass. -->
<spGroups>
<groupname>local-auth</groupname>
<groupname>jira-local-auth</groupname>
</spGroups>
<!-- If this section defined, authenticator won't be used for URLs listed below -->
<spUrls>
<url>servicedesk/customer/portal</url>
</spUrls>
<oktaProtectedUrls>
<url>/browse/</url>
<url>/secure/</url>
<url>/okta_login.jsp</url>
</oktaProtectedUrls>
<loginUri>https://<org>/app/jira_onprem/<appid>/sso/saml</loginUri>
</configuration>