How to transform Microsoft Entra ID (formerly Azure AD) guest usernames

Goal

Transform guest usernames from Microsoft Entra ID (formerly Azure AD) so that they match Atlassian usernames.
A guest username in Azure looks like the example below. The transformation restores the email address contained in the guest username.

    c.guest_guestcompany.com#EXT#@company.com


Prerequisites

  • A Microsoft Entra ID (formerly Azure AD) subscription

  • An (evaluation) subscription for the SAML SSO app for Atlassian Data Center or Server applications

  • Admin access to your Atlassian Data Center or Server product

For more information about the prerequisites listed above, access the following link:

https://wiki.resolution.de/doc/saml-sso/latest/all/setup-guides-for-saml-sso/azure-ad

Step-by-Step Guide


  1. Go to the configuration page of SAML SSO for Atlassian Data Center or Server

  2. Select your identity provider (Image 01)

  3. Scroll down to the Attribute Mapping table
     

  4. Edit the Name-ID - Username Mapping (Image 02)

  5. Pick the NameID and convert Azure guest-user-UPN Template (Image 03)

  6. This adds the following transformation to the Regular Expression configuration option.

    Regular expression: (.*)_(.*)#EXT#.*
    Replacement: $1@$2

    You can also manually open this configuration and test with the Regex Replacement Tester (Image 04)

  7. Apply the configuration and save it.
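
The transformation from step 6, run over a few NameID values, as an added example (not code from the app or from this guide). The sample NameIDs are constructed. The helper names, the whole-value anchoring and the pass-through of non-matching values are assumptions about how the mapping is applied; confirm them with the Regex Replacement Tester.

```javascript
// Pattern and replacement copied from step 6 of the guide.
// Anchored with ^...$ here: assumes the app matches the whole NameID value.
const GUEST_UPN = /^(.*)_(.*)#EXT#.*$/;
const REPLACEMENT = "$1@$2";

// Returns the username the mapping would hand to the Atlassian product.
// Assumption: a NameID that does not match (a regular member UPN) passes through unchanged.
function transformNameId(nameId) {
  return GUEST_UPN.test(nameId) ? nameId.replace(GUEST_UPN, REPLACEMENT) : nameId;
}

// Sanity check on the result: exactly one "@", a non-empty local part
// and a dotted domain. Anything else should not be used to look up a user.
function looksLikeEmail(username) {
  const parts = username.split("@");
  return parts.length === 2 && parts[0].length > 0 && parts[1].includes(".");
}

// Constructed sample NameIDs (the first is the example from this page).
const samples = [
  "c.guest_guestcompany.com#EXT#@company.com",   // guest UPN from the guide
  "first_last_partner.example#EXT#@company.com", // underscore inside the local part
  "alice@company.com",                           // member UPN, no #EXT# marker
  "_#EXT#@company.com",                          // degenerate value: both groups empty
];

// The first group is greedy, so the split happens at the LAST underscore
// before #EXT#. That keeps underscores in the local part intact.
function runSamples() {
  return samples.map((nameId) => {
    const username = transformNameId(nameId);
    return { nameId, username, plausible: looksLikeEmail(username) };
  });
}

console.table(runSamples());
```

The last sample shows why the result is worth validating: the pattern accepts empty groups, so a malformed NameID yields the username "@".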

Image 01: Select the entry for the Azure AD identity provider



Image 02: Edit NameID - Username Mapping



Image 03: Choose the predefined Template



Image 04: Display what the predefined Template has changed
