How does the account creation work when migrating from Atlassian hosted accounts to SSO in the cloud? Do we have to re-create access and permissions for everyone migrated over to SSO or will Atlassian match email addresses in the SAML claim to accounts already created?
Once you have configured the SAML configuration, Atlassian Access would match the email addresses of the Atlassian Accounts that are associated with the verified domain with the email addresses of the accounts in your IdP.
If they are matched, the user will be able to log in via SAML SSO.
Atlassian Access doesn't affect the application access but only Atlassian Accounts. Setting up an Atlassian Access SAML configuration would not create a user in your instance. Think of Atlassian Access as a centralized platform to manage users across all Atlassian products.
So you would still need to create a user in your instance if the user doesn't exist in the instance. But as long as the user is created with an email address that matches the IdP's account, the user would be able to log in via SAML SSO.
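The email matching described in the answer above can be checked before SAML is switched on. This is an added example, not part of the original thread and not Atlassian code: it assumes you have exported the two email lists yourself, that addresses compare case-insensitively, and all names and addresses in it are constructed.

```python
# Pre-migration check: which existing Atlassian accounts line up with IdP accounts?
# Assumption: emails are compared case-insensitively with whitespace trimmed.

def normalize(email):
    return email.strip().lower()

def domain_of(email):
    return email.rsplit("@", 1)[-1]

def reconcile(atlassian_emails, idp_emails, verified_domains):
    """Bucket accounts by how they relate to the IdP directory."""
    domains = {d.strip().lower() for d in verified_domains}
    idp = {normalize(e) for e in idp_emails}
    report = {
        "matched": [],                  # same email on both sides: SSO login expected
        "missing_in_idp": [],           # verified-domain account with no IdP match
        "outside_verified_domain": [],  # account email is not on a verified domain
        "idp_only": [],                 # IdP user with no account: must still be created
    }
    seen = set()
    for raw in atlassian_emails:
        email = normalize(raw)
        if email in seen:
            continue
        seen.add(email)
        if domain_of(email) not in domains:
            report["outside_verified_domain"].append(email)
        elif email in idp:
            report["matched"].append(email)
        else:
            report["missing_in_idp"].append(email)
    report["idp_only"] = [e for e in idp - seen if domain_of(e) in domains]
    return {bucket: sorted(emails) for bucket, emails in report.items()}

# Constructed sample data (hypothetical exports).
SAMPLE_ATLASSIAN = ["Alice@Example.com", "bob@example.com",
                    "carol@example.com", "contractor@partner.test"]
SAMPLE_IDP = ["alice@example.com", "bob@example.com", "dave@example.com"]
SAMPLE_VERIFIED = ["example.com"]

if __name__ == "__main__":
    for bucket, emails in reconcile(SAMPLE_ATLASSIAN, SAMPLE_IDP, SAMPLE_VERIFIED).items():
        print(f"{bucket}: {emails}")
```

Accounts in `missing_in_idp` are the ones to fix first, since their email has no counterpart in the IdP to match against.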