My organization would like to migrate our SSO and user/group provisioning from Okta to Entra/Azure.
Currently, users and groups that have been provisioned have a lock icon in Atlassian and cannot be edited there. This migration will require un-linking all users and groups from Okta and re-linking them to Entra. In our tests, however, the only way to unlink was to deprovision the user and allow that to flow through to Atlassian.
Obviously, we don't want to delete all users and groups in Atlassian/start over. Has anyone done a similar migration and if so, how did you do it?
I've seen a lot of these types of migrations. The best thing you can do is reach out to Atlassian Support and work with them to answer questions about your migration plan, related to your specific org/sites/products setup.
Generally, my advice is:
1. Test this all out in a separate org and site if you can.
2. Create a detailed set of steps, on how what you need to create/click/edit/delete and expected outcomes from each of those steps. You'll need to piece this together from various Atlassian Support docs. This will better help you understand the process and what you and your users can expect to happen. It will also be very helpful in communicating with Atlassian Support staff on any questions you have.
3. When testing, ensure you can complete the same steps in your production org. There are different experiences in admin.atlassian.com, depending on when you started using Atlassian products and how complex your setup is. It would be a big problem if you tested everything, only to realise on migration day that your production org is different...
4. Check that Entra is supported by Atlassian SCIM - https://support.atlassian.com/provisioning-users/docs/supported-identity-providers/
I hope that helps and your migration goes smoothly!
-Kieren
Co-Founder of Admin Automations | Ex-Atlassain
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.