Plan your Cloud migration
Documents to help you prepare to migrate your Atlassian Server products.
To ensure your Cloud site is secure, you must migrate only users with emails from domains you trust.
Before you create a migration, you’ll need to secure your Cloud site by reviewing the email domains and marking them as trusted or not trusted using the Cloud Migration Assistant.
When you mark an email domain as trusted, it means that you don’t have any security concerns with that domain.
When you don’t trust an email domain, it means that you don’t know the origin of that domain or that it belongs to an organization you don’t trust. If you don’t trust all or some of your email domains, you’ll still be able to run a migration, but your migration will fail. We recommend you work with your security team to decide which email domains you trust.
You can create and run migrations without reviewing and trusting email domains, but the migration will fail till you mark all the email domains as trusted.
To mark the email domains as trusted or not trusted, follow these steps:
Open the Cloud Migration Assistant.
Select the Review all email domains card on the Migration Assistant home screen. The list of email domains in your user base is displayed.
On the Review all email domains screen, review each email domain and mark them as trusted.
For more information on this security enhancement, see the documentation on how to use Jira Cloud Migration Assistant and Confluence Cloud Migration Assistant.
You can also query your database to create a report that contains all the domains used in the user emails and the number of users in each domain. To learn how to prepare SQL queries for your database, see Auditing user email domains by querying the application database.
We don't recommend this option because, after the domain review, you would still need to use the Cloud Migration Assistant to trust each domain.
If you can't mark a few or all of your email domains as trusted, here are some steps you can take.
When you don't trust an email domain, you need to review the email IDs from such a domain in your Server or Data Center instance and modify the user details such as username or email address or delete the user.
Use one of the following methods to modify user details to be able to unblock the migration:
User administration tools in Jira and Confluence Server or Data Center
Modify users from external directories
Use the existing user administration tools in your Server or Data Center products to review all the users with untrusted domains. To do so, search for the untrusted domain and modify, disable, or delete the user.
Select Administration > User management.
On the next Users screen, search for the domain you don’t trust.
From the list that appears, select the user to be modified.
Edit the user details such as the email ID or username.
Take one of the following approaches to modify the users in your external directories:
Modify the emails of the users with untrusted domains to addresses of domains you trust
Delete the users with emails containing untrusted domains
Modify the emails of the users with untrusted domains to addresses of domains you trust
What to do? | Find the user’s location or origin and then modify their email ID. The possible locations can be LDAP, Crowd, or Jira. |
---|---|
What’s the result? | There is no change in user ownership of data or tracking of user actions within the product. |
How do I do this? | For Jira, see Editing users. For Confluence, see Edit User Details. |
Delete the users with emails containing untrusted domains
Jira |
|
---|---|
What to do? | Find the user’s location or origin and then delete the user. The possible locations can be LDAP or Crowd. |
What’s the result? | When you delete a user, the filters and dashboards owned by this user are also deleted, even if these filters or dashboards are shared with other users. Before you delete a user, you need to know the following:
|
How do I do this? | See Deleting users.
|
Confluence |
|
---|---|
What to do? | Find the user’s location or origin and then delete the user. The possible locations can be LDAP, Crowd, or Jira. |
What’s the result? | You won’t be able to track the user’s data ownership and actions within the product in Cloud. If you delete users from external directories (and synchronize), they become inactive in Jira. An inactive user becomes active in Cloud, does not have product access, but has site access. |
How do I do this? |
If you’ve already migrated emails from untrusted domains to Cloud, do one of the following to safeguard your Cloud site:
Suspend users
Delete users
What to do? | Suspend users with emails containing untrusted domains if they have already contributed to the content. |
---|---|
What’s the result? | Users won’t be able to log in to the Cloud and will stop receiving notifications. |
How do I do this? | For Jira and Confluence, see Remove or suspend a user. |
What to do? | Delete the users with emails containing untrusted domains if they haven’t contributed to any content. |
---|---|
What’s the result? | A user who has not contributed to any content will disappear from the user list. They are not linked to any content, so there is no need to trace their impact on the instance. |
How do I do this? | For Jira and Confluence, see Remove or suspend a user. |
Was this helpful?