Replacing User email from one org to another

Bhaskar Wunnava October 18, 2024

Hi,

I am working on a migration from one org to another, and post-migration we will be connecting to a different Azure AD using Atlassian Guard.

Ex: let's say the Source domain email is first.name@domain1.com and the target email domain is first.name@domain2.com.

I want to know if there is a way we can change the email domain for all the migrated users to first.name@domain2.com without impacting the issue history.

 

Thanks & Regards

Bhaskar

1 answer

0 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
October 18, 2024

Hello, @Bhaskar Wunnava 

Change of emails on the user record does not affect issue history.

In general, my advice: get an Atlassian Solution Partner involved, and the actual outage for the change can be as small as 15min.

If you want to do it yourself, yes, it's very much possible, but there is a sequence of steps you need to take:

  • verify both domains in your Atlassian Cloud target organisation (it has become possible recently to verify the same domain in multiple organisations)
  • set the Claim setting to manual on the source domain in the target org, and also to manual temporarily in the source org; I would set/change the target domain in the target org to manual too, at least for this migration
  • export the users you are moving from Cloud into CSV – make a list of Account IDs, and a list of old emails and a list of target emails. You can certainly do it with built-in export, especially if you are moving all users. If you are moving a subset – consider instead using our User Management for Jira app to filter by CSV (e.g. by email) and do export to CSV with Account IDs.
  • unlink users you are moving from the source Azure AD (since you said you will be connecting to a "different" one). For this you need to call this (relatively new) API with your org Admin token and account ID for each user: https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-admin-apis/#api-admin-user-provisioning-v1-org-orgid-user-aaid-onlydeleteuserindb-delete – this should cause the "lock" icon to disappear on the managed user records in Cloud (we have a ScriptRunner script for this)
  • in your "source" Azure AD, remove these users from the scope of User Provisioning (if you have this setup) and trigger provisioning – the users in Cloud should remain active.
  • in your "source" Azure AD, remove these users from the scope of SSO; otherwise, without involvement of Atlassian Support, it's possible for the user to revert their email by accidentally logging in via the old Azure AD. If you do decide to involve Atlassian Support, ask them to "remove the SAML link" for the users and provide them with account IDs and emails. Please note Atlassian will not do this outside of the normal support hours they have across their timezones, so it would be best to get in touch to arrange their help beforehand (took me 3 weeks recently!)
  • un-claim users from the source domain in bulk by uploading a list of emails
  • change the emails from the source to the target domain. If you want to do this in bulk you can do it with this API: https://developer.atlassian.com/cloud/admin/user-management/rest/api-group-email/#api-users-account-id-manage-email-put. You will need account IDs, and for this you need to be authenticated with your org Admin token (we have a ScriptRunner script for this, too). Please note, the users will receive a notification from Atlassian that their email has been changed.
  • claim users in the target domain in bulk by uploading a list of emails
  • Once you configure SSO and User Provisioning in the target Azure AD, add users to the correct authentication policy in the target org that enforces SSO (and is linked to the IdP)
  • If you have User Provisioning setup, trigger it, and check that all users have been sync'ed and are now under control of the IdP (display "lock" icon).

If you need any more help - feel free to reach out to us, TechTime Initiative Group, a Platinum Atlassian Solution Partner in New Zealand and Australia, via 24x7 support chat on the website or directly through our Service Desk.
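Added example, not part of the answer above and not TechTime's ScriptRunner script: a dry-run planner for the bulk email change step that reads the exported CSV, keeps only source-domain users, flags target-address collisions, and builds one PUT per account ID. The CSV column names, sample rows, the `APPLY` and `ATLASSIAN_ORG_TOKEN` environment variables, and the request path and body shape (read from the linked email API page) are assumptions to check against Atlassian's documentation before sending anything.

```python
import csv
import io
import json
import os
import urllib.request

SOURCE_DOMAIN = "domain1.com"  # domains from the question
TARGET_DOMAIN = "domain2.com"
API_BASE = "https://api.atlassian.com"  # assumption: check against the linked API docs

# Constructed sample export; the column names are assumptions, not Atlassian's.
SAMPLE_CSV = """account_id,email
acct-0001,first.name@domain1.com
acct-0002,Jane.Doe@DOMAIN1.com
acct-0003,contractor@example.org
acct-0004,jane.doe@domain1.com
"""

def build_plan(csv_text, source=SOURCE_DOMAIN, target=TARGET_DOMAIN):
    """Return (plan, skipped): one PUT per user, plus rows that need a human look."""
    plan, skipped, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        account_id = row["account_id"].strip()
        email = row["email"].strip().lower()  # compare case-insensitively
        local, _, domain = email.rpartition("@")
        new_email = f"{local}@{target}"
        if not account_id or not local or domain != source:
            skipped.append((account_id, email, "not in source domain"))
        elif new_email in seen:
            skipped.append((account_id, email, "target email collision"))
        else:
            seen.add(new_email)
            plan.append({"account_id": account_id,
                         "url": f"{API_BASE}/users/{account_id}/manage/email",
                         "body": {"email": new_email}})
    return plan, skipped

def send(step, token):
    """Apply one planned change with the org Admin token as a Bearer credential."""
    req = urllib.request.Request(
        step["url"], data=json.dumps(step["body"]).encode(), method="PUT",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

if __name__ == "__main__":
    plan, skipped = build_plan(SAMPLE_CSV)
    print(json.dumps({"plan": plan, "skipped": skipped}, indent=2))
    if os.environ.get("APPLY") == "1":  # hypothetical switch: dry run unless set
        for step in plan:  # token comes from the environment, never from the script
            print(step["account_id"], send(step, os.environ["ATLASSIAN_ORG_TOKEN"]))
```

Review the skipped rows before applying: a collision or an out-of-domain address means the user list and the claim lists uploaded in the other steps would disagree.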

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders