How to transform Microsoft Entra ID (formerly Azure AD) guest usernames

Goal

Transform guest usernames from Microsoft Entra ID (formerly Azure AD) so that they match Atlassian usernames.
A guest username in Azure looks like the example below; the transformation restores the email address contained in the guest username.

    c.guest_guestcompany.com#EXT#@company.com


Prerequisites

  • A Microsoft Entra ID (formerly Azure AD) subscription

  • An (evaluation) subscription for the SAML SSO app for Atlassian Data Center or Server applications

  • Admin access to your Atlassian Data Center or Server product

For more information about the prerequisites listed above, access the following link:

https://wiki.resolution.de/doc/saml-sso/latest/all/setup-guides-for-saml-sso/azure-ad

Step-by-Step Guide


  1. Go to the configuration page of SAML SSO for Atlassian Data Center or Server

  2. Select your identity provider (Image 01)

  3. Scroll down to the Attribute Mapping table
     

  4. Edit the Name-ID - Username Mapping (Image 02)

  5. Pick the NameID and convert Azure guest-user-UPN Template (Image 03)

  6. This adds the following transformation to the Regular Expression configuration option.

    Regular expression: (.*)_(.*)#EXT#.*
    Replacement: $1@$2

    You can also open this configuration manually and test it with the Regex Replacement Tester (Image 04)

  7. Apply and save your configuration.
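
The transformation from step 6 applied to a few NameIDs, as an added example that is not part of the original guide or of the SAML SSO app. It is written in JavaScript, whose `$1@$2` replacement syntax matches the one shown above; the sample NameIDs are constructed, and leaving non-matching values unchanged is an assumption about how the mapping behaves.

```javascript
// Pattern and replacement copied from step 6 of the guide.
const GUEST_UPN_PATTERN = /(.*)_(.*)#EXT#.*/;
const REPLACEMENT = "$1@$2";

// Apply the transformation to one NameID. Values without "#EXT#" do not
// match and are returned unchanged (assumed pass-through behaviour).
function transformNameId(nameId) {
  return nameId.replace(GUEST_UPN_PATTERN, REPLACEMENT);
}

// Run a batch, as you would in a replacement tester, and report for each
// input the resulting username and whether the pattern rewrote it.
function testNameIds(nameIds) {
  return nameIds.map((input) => {
    const output = transformNameId(input);
    return { input, output, rewritten: output !== input };
  });
}

// Constructed sample NameIDs (not real accounts).
const SAMPLES = [
  // Guest UPN in the form shown at the top of the guide.
  "c.guest_guestcompany.com#EXT#@company.com",
  // Underscore inside the local part: the greedy first group splits on the
  // LAST underscore before "#EXT#", so the local part stays intact.
  "first_last_guestcompany.com#EXT#@company.com",
  // Regular member account: no "#EXT#", so it must pass through untouched.
  "member@company.com",
];

for (const r of testNameIds(SAMPLES)) {
  const note = r.rewritten ? "" : " (unchanged)";
  console.log(`${r.input} -> ${r.output}${note}`);
}
```

Before saving, run the NameIDs of a few real guest and member accounts through the same check and confirm each result is the username that exists on the Atlassian side.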

Image 01: Select the entry for the Azure AD identity provider



Image 02: Edit NameID - Username Mapping



Image 03: Choose the predefined Template



Image 04: Display what the predefined Template has changed
