  • Julie Gums

How can I migrate LDAP to Azure AD and rename Atlassian users using User Sync?


Question


What is the problem?

Migrating from LDAP to Azure AD and syncing the users with User Sync is a two-step process.


First, synchronize the users from Azure AD or Okta using their SAM account name, which is usually the account name in Active Directory. Then change the directory order so that the Azure AD or Okta directory (whichever you are using) comes first. Afterwards, change the mapping in our connector from username to, for example, the Azure AD UPN. Synchronize again and our plugin will do all the renaming for you.


Learn more here.

How can I migrate from LDAP to Azure AD and rename users?


Prerequisites

  • Jira, Confluence, Bitbucket or Bamboo Server/Data Center

  • SAML SSO which always comes with User Sync

  • Azure Active Directory → Azure AD is assumed to be your new IdP, containing all the users and groups which used to exist in LDAP

Important: the following will only work if the users in Azure AD have been, or are being, synchronized from the existing LDAP to Azure AD using Azure AD Connect.


High Level Migration Summary

The migration will be performed in the following order:

  1. Install SAML SSO (which always comes with the User Sync app)

  2. Register app for User Sync in Azure AD

  3. Set up User Sync connector for your Azure AD

  4. Let User Sync copy users from LDAP to the new directory

  5. Verify the results

  6. Disable old LDAP directory

  7. Change usernames to Azure AD format

  8. Configure SAML SSO to use Azure AD as identity provider
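Before running step 7, it helps to know which Atlassian usernames User Sync would actually rename and which have no Azure AD counterpart (typically accounts outside the Azure AD Connect sync scope, see the prerequisite above). The following dry run is an added example, not code from User Sync or resolution; the user records are constructed, with field names following the Microsoft Graph user properties `userPrincipalName` and `onPremisesSamAccountName`.

```python
"""Dry run for step 7 (change usernames to Azure AD format): map the LDAP
sAMAccountName currently used as the Atlassian username to the Azure AD UPN.
All sample data below is constructed for illustration."""

# Constructed Azure AD users. A missing onPremisesSamAccountName means the
# account was not synchronized from LDAP by Azure AD Connect.
AZURE_USERS = [
    {"userPrincipalName": "jdoe@example.com", "onPremisesSamAccountName": "jdoe"},
    {"userPrincipalName": "asmith@example.com", "onPremisesSamAccountName": "ASmith"},
    {"userPrincipalName": "cloudonly@example.com", "onPremisesSamAccountName": None},
]
# Constructed usernames as they currently exist in the Atlassian LDAP directory,
# plus one account that is already in UPN form.
ATLASSIAN_USERS = ["jdoe", "asmith", "orphan", "jdoe@example.com"]


def plan_renames(azure_users, atlassian_users):
    """Return (renames, unchanged, unmapped).

    renames:   {old username: new UPN} for users matched by sAMAccountName
    unchanged: usernames that already equal a UPN known to Azure AD
    unmapped:  usernames with no Azure AD counterpart; these would not be
               renamed and still depend on the old LDAP directory
    """
    # Directories compare usernames case-insensitively, so normalize to lower case.
    upns = {u["userPrincipalName"].lower() for u in azure_users}
    by_sam = {
        u["onPremisesSamAccountName"].lower(): u["userPrincipalName"].lower()
        for u in azure_users
        if u.get("onPremisesSamAccountName")
    }
    renames, unchanged, unmapped = {}, [], []
    for name in atlassian_users:
        key = name.lower()
        if key in upns:
            unchanged.append(name)
        elif key in by_sam:
            renames[name] = by_sam[key]
        else:
            unmapped.append(name)
    return renames, unchanged, unmapped


if __name__ == "__main__":
    renames, unchanged, unmapped = plan_renames(AZURE_USERS, ATLASSIAN_USERS)
    for old, new in renames.items():
        print(f"rename {old} -> {new}")
    print("already in UPN form:", unchanged)
    print("no Azure AD match (check the Azure AD Connect sync scope):", unmapped)
```

Resolve every entry in the unmapped list (extend the Azure AD Connect scope or retire the account) before disabling the old LDAP directory in step 6, otherwise those users lose access.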


Step-By-Step Migration Guide

Install SAML SSO

  • In your Atlassian product, open the in-product marketplace as described in the Atlassian documentation.

  • Search for "resolution saml" and click "Install" for SAML Single Sign On (SSO) by resolution Reichert Network Solutions GmbH

  • After the installation is complete, click on Manage, then choose Configure

  • Now, you are on the Add-on / app configuration page and the first step of the setup wizard will appear.

Register App For User Sync In Azure AD

Below is a text-based step-by-step guide for registering an app in Azure AD. This is required to connect User Sync with Azure AD, as described in the next chapter.


Quickstart Guide

Go to portal.azure.com, click "Azure Active Directory" in the left panel and then choose "App registrations".

  1. Click on "New registration"

  2. Enter a "Name" for the app.

  3. Click on "Register".

  4. On this page you can see the "Application ID" and the "Directory (tenant) ID". You will need both to set up the Azure AD connector in User Sync.

  5. Click on "API permissions" in the left panel.

  6. Click on "Add a permission" and choose "Microsoft Graph".

  7. Click on "Application Permissions".

  8. Search for the "Directory" entry, expand it and tick "Directory.Read.All".

  9. Click on "Add permissions" to add the permissions.

  10. Click on "Grant admin consent for ...".

  11. Next, click on "Certificate & secrets".

  12. Add a new client secret by clicking on "New client secret".

  13. Enter a description, and choose "Never" for "Expires". Click on "Add".

  14. Copy the secret now ("VALUE"). You will not be able to see it again after leaving that page. Paste it into a text editor for later use in the tutorial.


Read our Knowledge-Base article to see the remaining steps.
