It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SAML single sign-on Edited

Jimmy I'm New Here Aug 20, 2020

I have some questions regarding the implementation of SAML single sign-on with Atlassian Access.


This is the current scenario:

  • Single Atlassian organization using JIRA/Confluence/Bitbucket products suite.
  • User email addresses belong either @branch.contoso.com or @branch.acme.com domains.
  • There are Trello users outside of the Atlassian organization using @branch.contoso.com email addresses.


We are planning to enable Atlassian Access, verify the subdomain "branch.contoso.com", claim accounts, and enable SAML single sign-on. 

If we enabled Atlassian Access with "branch.contoso.com", what will happen with users still under "@branch.acme.com" email addresses?

If we migrate them to @branch.contoso.com after Atlassian Access is enabled. 

- Will they keep their same access level and content (Bitbucket commits, JIRA ticketc. etc) associated with the previous account ID (@branch.acme.com)? 

- Should we move everyone to the @branch.contoso.com email address before enabling Atlassian Access to avoid any issues?

- How about the Trello users, Will they become managed accounts even though they are outside of the Atlassian organization? If so, How can they avoid it? 

Thank you, everyone, for your insights

Regards

1 answer

0 votes
Dave Meyer Atlassian Team Aug 22, 2020

Hi @Jimmy ,

Do you have both the branch.contoso.com and branch.acme.com domains verified currently? That's the state I would try to target first. Have both domains verified, and then it's much easier to change users email address from one to the other. From an Atlassian functional benefit, there's no difference between having both domains verified under your organization or having all the users on one domain, so I would only do this if you had some other business reason for wanting to update everyone's email addresses to the same domain.

 

If you have both domains verified, you can change email addresses via the UI or using this API: https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-users/#api-users-account-id-manage-email-put

I would do this before you enable SSO with Access. And then you should ensure that users' email addresses on their Atlassian accounts match what's in your IdP.

>Will they keep their same access level and content (Bitbucket commits, JIRA ticketc. etc) associated with the previous account ID (@branch.acme.com)?

Yes. There will be no impact to existing users besides needing to use the new email address when they sign in.

>How about the Trello users, Will they become managed accounts even though they are outside of the Atlassian organization? If so, How can they avoid it?

When you claim a domain, all users with Atlassian accounts become managed accounts of your organization, regardless of which products or tenants they have access to (including Trello). We don't currently have a way to choose which users become managed accounts of your organization; however, the ability to set different SSO policies for different groups of users is something we are actively working on.

Hope this helps.

Dave

Jimmy I'm New Here Aug 30, 2020

Thanks Dave.

Appreciate the help.

Regards

J

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

576 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you