Transforming guest user names from Azure AD so that they match Atlassian usernames.
A guest username in Azure looks like the below and a transformation will basically restore the email address part of the guest username. 



  • an Azure AD subscription
  • A (evaluation) subscription for the SAML SSO app
  • Admin access to your Atlassian product

For more information about the prerequisites listed above, access the following link:


Step-by-Step Guide

  1. Go to the SAML SSO configuration page

  2. Select your identity provider (Image 01)

  3. Scroll down to User ID Transformation

  4. Uncheck The IdP's NameID Attribute Matches the User IDs in Jira

  5. Then click Add one+ next to UserID transformation

  6. Add the following transformation (Image 02):
    Regular expression: (.*)_(.*)#EXT#.*
    Replacement: $1@$2

  7. Save your configuration.

Image 01: Select the entry for the Azure AD identity provider

Image 02: Add the following transformation