Example of okta-config-jira.xml

<configuration>
    <applications>
        <application>
            <md:EntityDescriptor entityID="http://www.okta.com/exknbojcmy7JNaqkm0h7" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>MIIDpDCCAoygAwIBAgIGAWwFJnwgMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU
MBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi03ODAzNTQxHDAaBgkqhkiG9w0BCQEW
DWluZm9Ab2t0YS5jb20wHhcNMTkwNzE4MTI1NDAzWhcNMjkwNzE4MTI1NTAzWjCBkjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNV
BAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtNzgwMzU0MRwwGgYJ
KoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
ndgkp3yzBMxDH/0UNIgZdcCfcxdCdZtkWbDotp1k22qIcJVMFaRF5uNTYil/MW87eFOdBrW1Aqxg
48y/41jzabL791GdX5wYgMsRVw7jTSaYSXVqW6la1ustpn/rz4IkPQFWBF7MImejiFISdCh/GBzS
Q++bEU9F/4kVnf2QVABrYG/vhliY3GL/VDhLBXHv2FKi20TJrk+XFh0+dYBKnCJ3nXeQY/91+IHT
2AMFVAXvGqpok7+jdeb9lWDd3Ca7YTKPclGIkxeAA7OND5DzNsgQvSNH4ZUZCwJiSNul/n8YVsiW
eS1ZbGv8qiVcjniOtZ6OzV8rp3BYfuNHuz8YhQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAQ1K1V
ar2Dfr0SiyXHNLl47k3PNLNdXtQik5cIxjm8EXfFsArwWLo3ge/xeENHi/pLbpF5NgLsc/xj88ij
ZGo484Skg7dD2vm2YE5Wf7vdEE3aaqhM7OJ5PnRZTQZuFTcWKs2x+/I0mqlChIxigpL8et5Efm+R
z52/f/P4giCrI+/QBVt9MNCHotVCqsmmCWaRKBO195TYp17EbSx4FgNsogYGcWRdshPGKaNhUADu
P38usXc4Ig4uu/Y0KXv+ZkvguZwF1KTD73+nsEnWzmug2ULaz1X13OzqPJfZZ1We//RPFlnIKMnu
T4RGAcCYdyrcDxn/sPhvgClO1gcmfFnH</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:email</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://advania.zhb.se/app/jira_onprem/exknbojcmy7JNaqkm0h7/sso/saml"/><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://advania.zhb.se/app/jira_onprem/exknbojcmy7JNaqkm0h7/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>
        </application>
    </applications>

    <allowedAddresses>
        <!--If this section defined, it describes which IP addresses can use Okta Authenticator to log into Jira.
                This block takes precedence over spUsers block below.-->
		<!--
        <oktaUsers>
            <ipFrom>192.168.3.10</ipFrom>
            <ipTo>192.168.3.220</ipTo>
        </oktaUsers>
		-->
        <!--If this section defined, it describes which IP addresses can use Native Jira autheticator (login/pass) to log into Jira.
        This block has lower priority than oktaUsers block.-->
		
        <spUsers>
            <ipFrom>158.177.188.50</ipFrom>
            <ipTo>158.177.188.50</ipTo>
        </spUsers>
		
    </allowedAddresses>
 
    <!--If this section defined, SP flow can be disabled for users,
        listed below. In this case they will be forced to login using their login/pass. -->
	<!--
    <spUsers>
        <username>user1</username>
        <username>user2</username>
        <username>user3</username>
    </spUsers>
	-->
    <!--If this section defined, SP flow can be disabled for users assigned to groups in Jira,
       listed below. In this case they will be forced to login using their login/pass. -->
	
    <spGroups>
        <groupname>local-auth</groupname>
        <groupname>jira-local-auth</groupname>
    </spGroups>
	
    <!-- If this section defined, authenticator won't be used for URLs listed below -->
    <spUrls>
        <url>servicedesk/customer/portal</url>
    </spUrls>
	
	
    <oktaProtectedUrls>
        <url>/browse/</url>
        <url>/secure/</url>
        <url>/okta_login.jsp</url>
    </oktaProtectedUrls>

    <loginUri>https://<org>/app/jira_onprem/<appid>/sso/saml</loginUri>
</configuration>