Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Single Sign On - Email Domain Change

We use Atlassian Access, Jira, Jira Service Desk & Confluence and have configured SAML Single Sign On. 

 

We are soon to change our primary email domain used by our SAML service. Will this break our existing Jira configuration? What do we do to migrate all users to the new email address?

Many thanks.

2 answers

1 accepted

1 vote
Answer accepted

Hi Kieren,

Thanks for using Atlassian Community. 

The SAML-SSO integration in Atlassian Access can implement the change. When you update the email address of the user on the IDP side, the change will be propagated to Atlassian side on the user's next login.

Once the account on Atlassian side is updated with the new email address, the end user will continue to have access to their Atlassian cloud data prior to the change, that includes Jira, Confluence and JSD on cloud. 

Prerequisites :

1. The new domain is claimed on the Atlassian Access organization. 

2. The target email address should not be an existing Atlassian Account otherwise the change propagation will fail.

Once you add the new domain in your organization, the Managed Accounts section will start to list all Atlassian Accounts under the new domain. 

  • Go to https://admin.atlassian.com
  • Open your organization
  • Navigate Directory > Managed Accounts
  • Filter the list to show only accounts under the new domain. 
  • Review this list and see if there are any accounts that is the target address for the change.
  • Check with the end users if they are valid and can be freed up / deleted. 

TIP : Deleting an account has a grace period of 2 weeks. The quickest method to free up the target email address is to change the account's email address in Managed Accounts to a dummy one.

  • myuser@newdomain.com -> myuser_OLD@newdomain.com
  • myuser@newdomain.com is now free and can be used for the email address change. 
  • myuser_OLD@newdomain.com can be deleted and it will clear out after 2 weeks.

Procedure :

  1. Change the email address of the user on the IDP side. 
  2. As the end user, login into Atlassian (ie. to your Jira site) via SSO using the new email address. They will probably need to log-out of Atlassian and your IDP to initiate the full login flow. 
  3. The change will propagate into Atlassian and the user's account in Atlassian side will be updated with the new email address. The change will also reflect on your Manage Accounts and Jira/Confluence site admin pages. 
  4. The end user can continue to work as normal.  

Just a watch out if you are using Azure AD, check the attribute mapping for the SAML-SSO setup. The Azure attribute (UPN or mail) that is mapped to the "Unique User Identifier (Name ID)" will be the value that will trigger the change into Atlassian. 

 

I hope this helps. 


Cheers, 
Ramon

Such a great answer. Full of detail. Thank you.

Glad to help Kieren and good luck!

Hi Ramon,

We're using standard server licenses. We've Azure AD, Office 365. Following is our Atlassian products version. What is the best way to implement SSO without installing/purchasing Add-on. 

Jira 7.12.3
Confluence 7.2.2
Bitbucket 6.9.2

Very good! I would assume this is the same case with moving to a new AzureAD tenant with a new domain name?

We are in the middle of a M&A and we plan on migrating our users into the parent company. We would like to shift our Atlassian account to the new parent company and migrate atlassian SSO from our current AzureAD tenant to the new parent company AzureAD tenant. This would involve changing all of our users email addresses to the new parent domain and continue authing using SSO. We want to keep all data associated. I don't see this to much different than a domain name change, but wanted to make sure.

Thanks!

Hi Matthew, 

It will not work in that case because the SSO link used by the automatic email address change will be invalidated when switching Azure implementations. 

You will need to perform an account migration in that case. 

  1. Disconnect the SSO integration with the current Azure AD.
  2. Claim the new parent domain in the same organization
  3. Perform an account migration on Atlassian side.
    • Go to https://admin.atlassian.com
    • Open your organization
    • Navigate Directory > Managed Accounts
    • Change the email address of the Atlassian Accounts to use the new parent domain. The email addresses of all your domain account should match the email addresses on the new Azure AD. 
  4. Configure SAML Single Sign with the new Azure AD. 

I hope this helps. 

Like Matthew Arsenault likes this

Yes, this is very helpful! This still seems very attainable with minimal downtime and impact to the business. Will all existing data and permissions be retained after switching the user email addresses? I assume when you say account migration, you refer to the migration of the identity services and not an entire org migration to a new atlassian account.

Lastly, will this change the primary url seen throughout the atlassian account? Ideally the URL will reflect the new domain we are moving to as we start rebranding the account.

While this seems straight forward I have bigger concerns with integrations and opsgenie.

 

Thanks!

Yes, the Atlassian accounts will continue to have access to the sites and their existing data after the change. They are simply identified under the new email address.

The change I mentioned indeed only covers the identity part. For the URL of your cloud sites, you will need to arrange the site rename separately by following this KB article. 

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

See Atlassian Access in action - Live Demo

Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...

98 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you