Oct 29, 2020

Migrating Atlassian users from Google SSO to Azure SSO

 Scenario: You decided to move your company (and all of your users) from Google to Azure.

You would assume that as an Admin, you could bulk migrate all of your users, but you can't. Don't ask why, I am pretty sure Atlassian themselves don't know why.

Every user will have to migrate themselves, and work through Atlassians "not bugs but features" bugs.

Step 0Turns out this is important: Validate that you can login with email account and not Google SSO. 
  • Log out and log back in using @<your company>.com email address & password combination. If you don’t know, reset your password for @<your company>.com address. 
  • After you know your password, proceed.
  • Log in using Username / Password combination.

Next: Update your email address to different SSO

  • Now that you’re logged in, browse to https://id.atlassian.com/manage-profile. Then select “Email” (direct URL: https://id.atlassian.com/manage-profile/email )

    OPTIONAL: While you’re here, why not use the Email Preference Center to unsubscribe from marketing emails?


  • Enter your <new email address> in the box and save your changes.

  • You will get confirmation email in your <new email> inbox.

  • Open the email, click the link, and you’ll taken to the login in screen showing your <new email address> account.

  • Use your <new email address> and old password.

    THIS IS CRITICAL and a massive source of pain (which is "behavior as expected" according to Attlassian.)

    • If you don’t know your password, stop, log out and go to step 0. Resetting password here will create the new account, and you’ll have to go to troubleshooting section.

Last: Connect to Azure SSO

  • Super duper important (otherwise you’ll create additional headaches for youself): Review your Atlassian profile to validate that your email address has been updated to <new email associated with Azure> (https://id.atlassian.com/manage-profile)

  • Log out

  • Log in using "Sign in with Microsoft" button

  • You will get an email in your new account with a long string of numbers.

  • Enter it into the prompt and you're done.

  • Now under your "Email" page in Account settings, you will see a banner that reads "Your account is connected to a Microsoft account. Changing the email address here will disconnect your account from the Microsoft account."

Final: If you’ve ever posted in the Atlassian forums, you will get another confirmation email with a link to approve Forums email address update.


Q: At confirmation screen: you don’t know the password for your <new email address> 

A: This is actually the password for your <old account> account. Attlassian claims it's not a bug

Q: You’re getting an error that account is already in use?

A: This means that somehow an Atlassian account already exists. You’ll have to free it up first, and then switch the <old account> to <new account>

The path of least resistance is to log into conflicting account, and update email address to some other email address. (dont forget to mark it for deletion when it's all done)

Once that's done, and your desired email address gets freed up, and you can attempt to switch address to Azure SSO again using steps above. 

Note: Due to Atlassian creating accounts on login attempts without explicitly asking for an account, this problem can happen multiple times. Sorry

After successful switch, log into the extra account, and delete it from "Account Preference" page (https://id.atlassian.com/manage-profile/account-preferences). it’ll take 2 weeks.

Q: You’re getting an error that you need to wait 24 hours due to email update limit.
A: Wait 24 hours.

No comments:

Post a Comment

Comments are welcomed and appreciated.