Migrating from G Suite to other Identity Providers (Okta, Azure AD, OneLogin etc)

I want to share my experience here for anyone who has a G Suite integration with their Atlassian Cloud site and is planning to migrate to a different identity provider (Okta, Azure AD, OneLogin, etc.) in order to apply Atlassian Access features.

Before you start

Before migrating, make sure you have subscribed to Atlassian Access and understand its features and pricing.

How to migrate

Disable G Suite Integration 

  • Go to your organization at admin.atlassian.com
  • Go to Directory > G Suite page.
  • Select Disconnect account and follow the prompts. 

When you disconnect your G Suite integration:

  • Your users will still be able to log in to your site's products with their Google credentials. However, their details won't be synced.
  • If your domain hasn't been claimed by an Atlassian organization, then users with accounts from that domain will no longer be managed and will be able to edit their account details.

The Disconnect account option is greyed out while a sync is in progress. If the sync is taking a very long time, an admin can terminate it by revoking GSync's refresh token in Google:

  • The G Suite admin can go to https://myaccount.google.com/permissions
  • Select Atlassian Cloud on the 'Third-party apps with account access' page and click 'Remove access'.
  • This causes the sync to fail on the Atlassian side.

Verify Domain(s) in Atlassian Organisation

The domains verified as part of the G Suite integration will be removed automatically from the Atlassian Organisation when the G Suite integration is disabled.

Make sure you verify the domains in your Atlassian Organisation so that you can apply Atlassian Access features.

With the DNS TXT method, the new TXT record may take up to 72 hours to propagate across the internet, depending on your DNS host.

This may delay the migration if you are planning to do everything on the same day. The workaround is to create a new Atlassian Organisation, subscribe to Atlassian Access in it, and verify the domains before the migration day. Once migrated, you may transfer products from the old organisation to the new organisation.
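To confirm ahead of migration day that the verification TXT record is already visible, you can query several resolvers for it. This is an added example, not part of the original article; the resolver list is an assumption, and the expected value is whatever record value your organisation's domain verification page gives you.

```shell
#!/usr/bin/env bash
# Added example: check that a domain-verification TXT record is visible on
# several resolvers. Resolver list and sample values are assumptions.

RESOLVERS="1.1.1.1 8.8.8.8 9.9.9.9"   # public resolvers; add your DNS host's nameservers

# Normalise `dig +short TXT` output read from stdin: dig wraps each string in
# quotes and splits long values into several quoted chunks on one line.
normalize_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_has_value EXPECTED -> exit 0 only if a TXT value on stdin equals EXPECTED
# exactly (a partial or truncated record does not count as verified).
txt_has_value() {
  normalize_txt | grep -Fxq -- "$1"
}

# check_propagation DOMAIN EXPECTED -> prints per-resolver status and returns
# the number of resolvers that do NOT yet serve the record (0 = visible everywhere).
check_propagation() {
  local domain=$1 expected=$2 missing=0 r
  for r in $RESOLVERS; do
    if dig +short TXT "$domain" "@$r" | txt_has_value "$expected"; then
      echo "$r: present"
    else
      echo "$r: missing"
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# Runs only when called with two arguments, e.g.:
#   ./check_txt.sh example.com 'record-value-copied-from-the-admin-console'
if [ "$#" -eq 2 ]; then
  check_propagation "$1" "$2"
fi
```

A non-zero exit status means at least one resolver has not picked up the record yet, so verification in the Atlassian Organisation may still fail.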

Once the domain is verified, claim the accounts within your domain. When you claim accounts, users with the domain receive an email telling them about the change and what it means to have a managed account. We recommend you notify users that they'll receive this email and tell them who to contact to modify their account.

Apply Atlassian Access features

Now it's time to apply Atlassian Access features.

 

2 comments

Ashley Rees September 15, 2021

Really helpful article on how to get started with this process, thanks :)

Question: once Google sync is disabled in the Org, how do the users' credentials work with Atlassian?

 

"Your users will still be able to log in to your site's products with their Google credentials. However, their details won't be synced."

Specifically, does the Atlassian account become "stand alone" but retain the password as it was set in the GSuite account prior to disconnection? Or is the normal link maintained to the Google account and any password changes are still managed through GSuite itself?

Thanks in advance for any guidance

 

Ash

Andy Tomlin February 6, 2023

We are moving our users from Google Workspace to Microsoft. However, we don't want to add a license for OAuth, so we will just use Atlassian integrated sign-on. But we would like to keep all the users' email and account names the same. Can we do this? What are the steps? It's not clear from this post.
