Transforming guest usernames from Microsoft Entra ID (formerly Azure AD) so that they match Atlassian usernames.
A guest username in Azure looks like the below, and a transformation will basically restore the email address part of the guest username. 



  • an Microsoft Entra ID (formerly Azure AD) subscription
  • A (evaluation) subscription for the SAML SSO app for Atlassian Data Center or Server applications
  • Admin access to your Atlassian Data Center or Server product

For more information about the prerequisites listed above, access the following link:


Step-by-Step Guide

  1. Go to the configuration page of SAML SSO for Atlassian Data Center or Server

  2. Select your identity provider (.How to transform Azure AD guest usernames v4.0.x#Image 01)

  3. Scroll down to the Attribute Mapping table
  4. Edit the Name-ID - Username Mapping (Image 02)

  5. Pick the NameID and convert Azure guest-user-UPN Template (Image 03)

  6. This is going to add the following transformation into the Regular Expression configuration Option.

    Regular expression: (.*)_(.*)#EXT#.*
    Replacement: $1@$2

    You can also manually open this configuration and test with the Regex Replacement Tester(Image 04)

  7. Apply the configuration and Save your configuration.

Image 01: Select the entry for the Azure AD identity provider

Image 02: Edit NameID - Username Mapping

Image 03: Choose the predefined Template

Image 04: Display what the predefined Template has changed