Tags | Authentication | SSO |
ADMIN PRIVILEGES REQUIRED
Enterprise users can access their documentation here. Find your plan.
Overview
If your company changes its internet domain or mail system, your IT staff may need to create new email addresses for all employees (for example: [email protected] becomes [email protected]). This will affect your users' ability to access your Stack Overflow for Teams site. Thankfully, careful coordination can make changing your users' email domain a smooth process. This guide aims to help you achieve a safe and seamless transition.
Email domain change with SSO (Teams Basic and Business only)
If your Stack Overflow for Teams site uses Single Sign-On (SSO), the process will vary depending on your SSO configuration. Below are two SSO configurations and the actions required for each.
Scenario 1: Persistent SSO unique identifier
If your SSO configuration uses a persistent unique identifier (for example: employee ID), you may not need to take any additional action. In this case:
When a user logs in with a new email address, your site will authenticate them based on the unique identifier (for example: employee ID, which hasn't changed).
On login, your site will recognize the new email address and automatically add it to their account.
The change in the email domain doesn't require any extra steps—the user simply needs to log in to the site again. The process is seamless, and users maintain access to their accounts without disruption.
NOTE: This example illustrates why it's considered best practice to use a persistent user identifier (not email address) for SSO authentication.
Scenario 2: Email address as SSO unique identifier
If your SSO configuration relies on the user's email address as the unique identifier, the solution is more complicated. In this case:
When users log in after the email domain change, they will not be recognized or taken automatically to their existing accounts. Instead, your site will create new accounts for them.
A site admin will need to merge the new accounts with the old accounts to preserve their account information and history.
To accomplish the merge of new accounts created after an email domain change, contact Stack Overflow support for help.
NOTE: We strongly recommend changing to persistent unique IDs. Stack Overflow support can help you update your identity provider (IdP) settings to incorporate persistent unique IDs as part of the email domain migration process.
Email domain change without SSO
SSO is optional on Stack Overflow for Teams Basic and Business sites, and not supported on Teams Free.
If your site doesn't use SSO authentication, your users will be able handle the email domain change on their own. Ideally, users will have an overlap period with access to both their old and new email accounts during the domain change process. This is the best time to update their Stack Overflow for Teams logins by following the steps below.
NOTE: Many users use Google OAuth to sign in to their profiles. This will eventually fail after their email domain changes, resulting in them being locked out of their accounts.
If a user is already locked out, contact Stack Overflow support for help.
Access email settings page
After logging in to their Stack Overflow for Teams site, users should go to their "Edit Email Settings" page by clicking on their avatar (profile picture), selecting Account settings, then clicking Edit email settings. (They can also go directly to https://stackoverflowteams.com/users/email/settings/current.) This page displays a table of their email settings.
Update email settings
Users should enter their new email address and click Save for each Stack Overflow Team they're a part of.
Add new login
Users with access to both their old and new email accounts can switch to their new email address immediately. If users don't yet have access to their new email account, they'll need to create a temporary login.
To create a new login, users should go to their "My Logins" page by clicking on their avatar (profile picture), selecting Account settings, then clicking Your logins. (They can also go directly to https://stackoverflowteams.com/users/mylogins/current).
Next, they'll click Add more logins… to access the "Add another login credential" window.
Add a login with their new email account
Users with access to their new email account can add a new email/password login with their new email address. They will receive a confirmation email to their new email address. After confirming the new login, they're done with the email configuration process.
They can begin using the new login immediately. If desired, they can return to their "My logins" page to remove the login for their old email account.
Add a temporary login
Users without access to their new email account will need to create a temporary login. They can use any email address they have access to, even a personal email address. They will receive a confirmation email to that email address, after which they can use the temporary login until they have access to their new email account.
If a user doesn't want to create a temporary email/password login, they can instead connect to an existing email account with an OAuth method (such as Google, GitHub, or Facebook).
At some future point, users who created temporary logins will have access to their new email accounts. They should then log into their Stack Overflow for Teams site and access their "My Logins" page. They'll create a new login with their new email account by clicking Add more logins…. They can also delete their temporary login by clicking its Remove button.
Need help? Submit an issue or question through our support portal.