Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

Recognition

  • Give kudos
  • My kudos

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Existing Users When Moving to Atlassian Access and SSO

My company currently has an organization setup for Atlassian we have about 357 users that have standard Atlassian credentials. Those 357 users have emails that are associated with our company domain, meaning when they login they use an email like this: <firstname_lastname>@companydomain.com. We are currently using Jira, Confluence, and Jira Service Desk. We are going to also be adding Bitbucket very soon.

We are looking to use Atlassian Access to leverage SSO using AzureAD as our identity provider. Based on reading the docs the steps to get these users to be managed by Atlassian Access are:

1. Verify our domain

2. Create the AzureAD application for Atlassian

3. Assign relevant users to the Atlassian application in AzureAD

4. Configure the SAML SSO to sync users from AzureAD

As we make this transition I want to ensure that we don't have any disruption for the users that will be managed from AzureAD. I have a few questions about how this will work and what the experience will be for the existing users.

My questions are:

1. Once we verify our domain then any users with an email of @companydomain.com will be considered managed users, but until we enable SAML they will be able to continue logging in using their already provisioned Atlassian credentials. Is this correct?

2. If we add all existing users on @companydomain.com to the Atlassian application in AzureAD, then they will be able to login to Atlassian using their AD credentials. Is this correct?

3. Once the users are being managed through AzureAD via SAML will they be assigned to all the same groups and applications in Atlassian that they were before? Or do we have to re-assign groups and access after they are being managed through AzureAD?

ex) john_doe@companydomain.com currently logs in using Atlassian credentials and has access to various projects in Jira and has access to confluence. Once we switch over to AzureAD and john_doe@companydomain.com logs in using AD credentials will john_doe@companydomain.com continue to have access to everything he had access to before without any extra administrative steps?

4. Will all the user mentions for a user still be relevant and intact once we switch them over to Azure AD?

5. If something goes wrong and we need to turn SAML and SSO off will all users be able to continue using their Atlassian credentials as they did before?

6. Any user that has a login email that is not on our company domain for example: jane_doe@someothercompany.com will be able to continue  using their Atlassian credentials. Is this correct?

Thanks in advance for any assistance. 

 

 

1 answer

0 votes
Jimmy Seddon Community Leader Feb 24, 2020

Hi @Thomas Bell,

I'll do my best to answer your questions based on our own experiences.

#1 - Yes, until you setup SAML all you will have done is claimed the accounts but authentication will not have changed yet.

#2 - Assuming you have setup and configured SAML for SSO access then yes this is exactly how this will function.

#3 - I answered a similar question to this one here: https://community.atlassian.com/t5/Atlassian-Access-questions/If-Access-is-turned-off-will-it-impact-projects/qaq-p/1303127

the short answer is you are simply changing the authentication method not the groups and permission structure, so you won't need to change anything here for existing users. 

#4 - Yes, this won't have any affect on existing user mentions, and new user mentions should work exactly the same as before you set this up.

#5 - Yes, refer to the document here for more information: https://confluence.atlassian.com/cloud/unsubscribe-from-atlassian-access-948237308.html

#6 - This one I have not had to deal with personally, but according to here: https://community.atlassian.com/t5/Atlassian-Access-questions/Is-it-possible-to-use-a-mix-of-Atlassian-and-SAML-accounts/qaq-p/826585, it looks like this is also possible.

I hope that helps!

-Jimmy

Dave Meyer Atlassian Team Feb 25, 2020

Yes just to confirm, if you have users that have access to your Jira or Confluence site but are external (i.e. not on one of your verified domains), nothing will change for them. They'll still have access to your site as usual and they will still log in as they did before. 

Like Jimmy Seddon likes this

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

681 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you