We use Atlassian Access, Jira, Jira Service Desk & Confluence and have configured SAML Single Sign On.
We are soon to change our primary email domain used by our SAML service. Will this break our existing Jira configuration? What do we do to migrate all users to the new email address?
Thanks for using Atlassian Community.
The SAML-SSO integration in Atlassian Access can implement the change. When you update the email address of the user on the IDP side, the change will be propagated to Atlassian side on the user's next login.
Once the account on Atlassian side is updated with the new email address, the end user will continue to have access to their Atlassian cloud data prior to the change, that includes Jira, Confluence and JSD on cloud.
1. The new domain is claimed on the Atlassian Access organization.
2. The target email address should not be an existing Atlassian Account otherwise the change propagation will fail.
Once you add the new domain in your organization, the Managed Accounts section will start to list all Atlassian Accounts under the new domain.
TIP : Deleting an account has a grace period of 2 weeks. The quickest method to free up the target email address is to change the account's email address in Managed Accounts to a dummy one.
Just a watch out if you are using Azure AD, check the attribute mapping for the SAML-SSO setup. The Azure attribute (UPN or mail) that is mapped to the "Unique User Identifier (Name ID)" will be the value that will trigger the change into Atlassian.
I hope this helps.
Very good! I would assume this is the same case with moving to a new AzureAD tenant with a new domain name?
We are in the middle of a M&A and we plan on migrating our users into the parent company. We would like to shift our Atlassian account to the new parent company and migrate atlassian SSO from our current AzureAD tenant to the new parent company AzureAD tenant. This would involve changing all of our users email addresses to the new parent domain and continue authing using SSO. We want to keep all data associated. I don't see this to much different than a domain name change, but wanted to make sure.
It will not work in that case because the SSO link used by the automatic email address change will be invalidated when switching Azure implementations.
You will need to perform an account migration in that case.
I hope this helps.
Yes, this is very helpful! This still seems very attainable with minimal downtime and impact to the business. Will all existing data and permissions be retained after switching the user email addresses? I assume when you say account migration, you refer to the migration of the identity services and not an entire org migration to a new atlassian account.
Lastly, will this change the primary url seen throughout the atlassian account? Ideally the URL will reflect the new domain we are moving to as we start rebranding the account.
While this seems straight forward I have bigger concerns with integrations and opsgenie.
Yes, the Atlassian accounts will continue to have access to the sites and their existing data after the change. They are simply identified under the new email address.
The change I mentioned indeed only covers the identity part. For the URL of your cloud sites, you will need to arrange the site rename separately by following this KB article.
Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events