Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Existing Users When Moving to Atlassian Access and SSO

My company currently has an organization setup for Atlassian we have about 357 users that have standard Atlassian credentials. Those 357 users have emails that are associated with our company domain, meaning when they login they use an email like this: <firstname_lastname>@companydomain.com. We are currently using Jira, Confluence, and Jira Service Desk. We are going to also be adding Bitbucket very soon.

We are looking to use Atlassian Access to leverage SSO using AzureAD as our identity provider. Based on reading the docs the steps to get these users to be managed by Atlassian Access are:

1. Verify our domain

2. Create the AzureAD application for Atlassian

3. Assign relevant users to the Atlassian application in AzureAD

4. Configure the SAML SSO to sync users from AzureAD

As we make this transition I want to ensure that we don't have any disruption for the users that will be managed from AzureAD. I have a few questions about how this will work and what the experience will be for the existing users.

My questions are:

1. Once we verify our domain then any users with an email of @companydomain.com will be considered managed users, but until we enable SAML they will be able to continue logging in using their already provisioned Atlassian credentials. Is this correct?

2. If we add all existing users on @companydomain.com to the Atlassian application in AzureAD, then they will be able to login to Atlassian using their AD credentials. Is this correct?

3. Once the users are being managed through AzureAD via SAML will they be assigned to all the same groups and applications in Atlassian that they were before? Or do we have to re-assign groups and access after they are being managed through AzureAD?

ex) john_doe@companydomain.com currently logs in using Atlassian credentials and has access to various projects in Jira and has access to confluence. Once we switch over to AzureAD and john_doe@companydomain.com logs in using AD credentials will john_doe@companydomain.com continue to have access to everything he had access to before without any extra administrative steps?

4. Will all the user mentions for a user still be relevant and intact once we switch them over to Azure AD?

5. If something goes wrong and we need to turn SAML and SSO off will all users be able to continue using their Atlassian credentials as they did before?

6. Any user that has a login email that is not on our company domain for example: jane_doe@someothercompany.com will be able to continue  using their Atlassian credentials. Is this correct?

Thanks in advance for any assistance. 

 

 

1 answer

0 votes
Jimmy Seddon Community Leader Feb 24, 2020

Hi @Thomas Bell,

I'll do my best to answer your questions based on our own experiences.

#1 - Yes, until you setup SAML all you will have done is claimed the accounts but authentication will not have changed yet.

#2 - Assuming you have setup and configured SAML for SSO access then yes this is exactly how this will function.

#3 - I answered a similar question to this one here: https://community.atlassian.com/t5/Atlassian-Access-questions/If-Access-is-turned-off-will-it-impact-projects/qaq-p/1303127

the short answer is you are simply changing the authentication method not the groups and permission structure, so you won't need to change anything here for existing users. 

#4 - Yes, this won't have any affect on existing user mentions, and new user mentions should work exactly the same as before you set this up.

#5 - Yes, refer to the document here for more information: https://confluence.atlassian.com/cloud/unsubscribe-from-atlassian-access-948237308.html

#6 - This one I have not had to deal with personally, but according to here: https://community.atlassian.com/t5/Atlassian-Access-questions/Is-it-possible-to-use-a-mix-of-Atlassian-and-SAML-accounts/qaq-p/826585, it looks like this is also possible.

I hope that helps!

-Jimmy

Dave Meyer Atlassian Team Feb 25, 2020

Yes just to confirm, if you have users that have access to your Jira or Confluence site but are external (i.e. not on one of your verified domains), nothing will change for them. They'll still have access to your site as usual and they will still log in as they did before. 

Like Jimmy Seddon likes this

@Dave Meyer  hope i can follow up - to be sure, its mentioned that groups and permissions dont change since only the authentication changes. 

does that hold true for assignees? meaning if user x is logging in not using atlassian access and is now assigned an issue, and now logging in with atlassian access, are they still the assignee? or does the user itself change since its coming from another source?

Dave Meyer Atlassian Team Jul 06, 2021

Hey @Ben ,

Nothing to worry about. The same user will still be assigned the issue. Think about it this way:

  1. Fred is a user who has an Atlassian account where he logs in with his email address and password. He is assigned an issue.
  2. Under the covers, the value of the "Assignee" field for that issue is populated with his unique Atlassian account ID. (n.b. you can actually see this if you look at the REST API)
  3. Fred's admin subscribes to Atlassian Access and enables SSO.
  4. Now, when Fred goes to log in to his account, instead of entering his email address and password, he's redirected to his SSO provider to authenticate.
  5. But the issue assignee value never changes in Jira, because Fred still has the same Atlassian account. The only thing that's changed is the authentication mechanism for the account.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

Resources + Q&A from "What's new in Atlassian Access" webinar

Hi Community! Thank you to all those who joined our What’s new in Atlassian Access webinar last week! We received so many great questions about existing functionality and newly released features of...

947 views 0 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you