Migrating to SAML. Test environment, and user logout questions.

Hi Everyone,

I am looking to migrate my organisation to use SAML single sign on, specifically with Azure AD, and have some a couple questions about the process.

One, is is possible to have some test environment, to ensure that SAML is working correctly, without affecting my users logins? Since Atlassian Access is configured organisation wide, I can't create a separate site to test in, can I?

Two, since user sessions will persist through the migration to SAML (as far as I have gathered from the documentation), will I need to have my users log out, then log back in before I would be able to manage their access through my identity provider (Azure AD)? If a user hasn't logged in with SAML, I would think that their session is not associated with their account on the ID provider. Or is the ability to disable users from the ID provider only available once I set up user provisioning?

Cheers,

Harry