Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Provisioning External users

Roopa Dass
Roopa Dass September 2, 2023

Some of our external users have an Atlassian account and the Org  they have access to is  already SSO enabled .

We'd like to invite these users to our Org for collaboration , Is it possible to claim their domain to manage these user accounts on our side ?

I understand that for SCIM User management you need to verify their  domain but  not sure if this is possible in our case as their domain has already been claimed by a different Org for SSO purposes. 

 

What would be the the best way to handle user provisioning of external users in our case  .

Thank you in advance for your help .

Answer
Watch
Like Be the first to like this
1450 views

3 answers

1 vote
Jehan Bhathena
Jehan Bhathena
Community Champion
September 2, 2023

Hi @Roopa Dass ,

You can manually send the user an invite from the site/instance where you want to these users to collaborate.

In terms of claiming domains, you want to claim only those domains which you manage, you would not want to claim additional domains just for the sake of external user provisioning, claiming an additional domain means that you may be the official owner of that site/domain, which entails a lot of other responsibilities not just from Atlassian usage but from an overall business perspective.

If the "Invite" option doesn't suit your use case, please do let us know if there is any specific reason/use case that you're looking to achieve.

View More Comments
Roopa Dass
Roopa Dass September 2, 2023

Hi @Jehan Bhathena - Many thanks for the insight around claiming domains.Very useful  :)

Does this mean that  claiming the  domain for user provisioning in our org  ,will disclaim the domain from their end ? And that we manage the SSO element as well ?

Just trying to  understand if claiming domains work differently for SSO and User Provisioning or if  they work in tandem.

 

Thank you once again .

Roopa

Like
Jehan Bhathena
Jehan Bhathena
Community Champion
September 2, 2023

"will disclaim the domain from their end ? And that we manage the SSO element as well“ : Not quite sure but from what I have tested, one domain can be claimed only by one Org. Not sure about the SO Element but you'll be managing their users overall Atlassian account. More details in this doc : https://support.atlassian.com/organization-administration/docs/what-is-an-atlassian-organization/

"SSO and User Provisioning" : depends, you can setup the SSO provisioning to automatically create a user if they are added to your Identity provider. (Users and groups sync from your identity provider to your organization)

Like Roopa Dass likes this
Reply
0 votes
Aditya_miniOrange
Aditya_miniOrange
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 13, 2023

Hello @Roopa Dass 

I believe our User Sync, SCIM plugin for Atlassian Cloud can satisfy your use case of provisioning external users into your Atlassian Cloud (Jira, confluence, bitbucket) instances. 

Please reach out to us at atlassiansupport@xecurify.com to discuss the solution in detail. 

Thanks,

Aditya Kekre

Reply
0 votes
Trudy Claspill
Trudy Claspill
Community Champion
September 3, 2023

Hello @Roopa Dass 

If the domains of their accounts have been claimed by another Atlassian Organization, you cannot claim that same domain.

In what way do you want to be able to managed these other users accounts, specifically?

You can manage what they have access to within your Organization through the Product Access settings for your products.

You cannot directly manage the authentication policies that are applied to those accounts when they are logging into Atlassian.

You cannot directly manage the password policy applied to those user accounts.

You can apply additional policies to them when they access products under your Organization by utilizing the External User Security options.

https://community.atlassian.com/t5/Atlassian-Access-articles/Collaborate-more-securely-with-External-User-Security-GA-release/ba-p/2411155

View More Comments
Roopa Dass
Roopa Dass September 4, 2023

Hi @Trudy Claspill - Many thanks for your response.

"In what way do you want to be able to managed these other users accounts, specifically?" - We're looking at managing user provisioning these external users for which I think we need to  claim their domain . But looks like from what you've said above it may not be possible as their domain has already been taken by another Org?

Like
Trudy Claspill
Trudy Claspill
Community Champion
September 4, 2023

What specifically does Provisioning mean to you?

Provisioning means using an identity provider to update the users in your Atlassian Cloud organization. Do you have these users set up in your identity provider with the external domain specified for their email?

Do you want to create their Atlassian account?

Do you want to manage it's membership in your user groups through your IDP?

Do you want to control whether or not they can use their account to login into Atlassian Cloud globally, not just for the products in your Organization?

Do you want to control the password policy applied to them when the log in to Atlassian Cloud?

Do you want to be able to control globally, whether or not their account is active, being able to cut off their ability to login to Atlassian Cloud to reach any product?

Those are all elements of user provision. Ones that relate to the user's ability to access Atlassian Cloud globally, which is the step before accessing products in any Organization, are managed by the Organization that claims the domain.

Like Sabine Mayer likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security