Hey @Michael Hotchkiss , my understanding here is that this shouldn't be too challenging, but will require a few steps to occur in a specific order.
In your current state, you've got your Google Workspace configured as your identity provider. I'm assuming you also have SCIM enabled, such that new users on Google Workspace get new Atlassian Accounts configured automatically.
The good news is that all of your users have Atlassian Accounts already, they are just being forced through Single Sign On via Google Workspace, instead of using an Atlassian Account specific password.
Here are some assumptions I am making that you'll want to double confirm:
- You currently have SCIM enabled, such that any new user in Google Workspace syncs with Atlassian automatically, and has a new Atlassian Account created for them.
- The email address for every user is the same on Google Workspace and Office 365.
- The unique id for each user is their email address or prefix, and is the same across both Google Workspace and Office 365.
- You have a user account which has Organization Administrator privileges, that is NOT part of your Identity Provider configuration
Here's what you'll need to do:
- Ensure your email domain is claimed and verified. This should already be the case due to the existing SSO configuration.
- Export a list of your Claimed and Managed users, so that you have a record of which accounts you have claimed and managed, ideally for use later.
- Disconnect your Google Workspace identity provider. This should release all of your user accounts from Single Sign On, but may not release them from being Managed. This won't be an issue, once Office 365 is connected, you can connect them back into SSO.
- Connect your Microsoft 365 identity provider, and configure SSO as required.
- Re-claim all accounts you previously had claimed. This likely will happen automatically once the IdP is connected, and the user list syncs.
If you do this quick enough, and ideally on off-hours, you can likely avoid a lot of confusion from your users with how they sign in.
Here are some documents and other Community threads I encourage you to read just to get your head around the process:
Hope this is helpful! You can always reach out to Atlassian Support directly via support.atlassian.com if you run into any specific issues.
The biggest takeaway I have though: Keep at least one account completely disconnected from your Identity Provider for the migration. Ideally, use a completely different domain (like a free gmail.com email account) to ensure you maintain administrative access if something does go wrong. Once you verify everything is working properly, you can remove that accounts access, but it's a great safety net to have.
Cheers,
Robert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.