Administer managed accounts for an organization

20 min
Advanced

By the end of this lesson, you'll be able to:

  • Differentiate managed accounts and unmanaged accounts
  • Set up domain verification to claim accounts
  • Unclaim managed accounts
  • Deactivate a managed account
  • Delete a managed account
  • Change a managed account’s details
  • Reset a managed account’s password

What are managed accounts?

In Atlassian organizations, there are two kinds of accounts: managed and unmanaged.
👇 Click the tabs below to learn more about the difference between managed and unmanaged accounts.
Managed accounts are accounts managed by org admins. Only org admins have control over the account details, like emails and passwords.
A company can prove ownership of a domain through domain verification. This will allow them to claim some, or all, of the users who have an Atlassian account with an email under that domain.
Managed users can access all products that org admins can see, even those not managed by the current organization. This could include private sites or other companies' sites.
Managed accounts are listed in the Directory tab under the Managed accounts section.

Users with email address domains your company hasn’t verified appear on your Managed accounts page.

What are the benefits of managed accounts?

Managed accounts mainly provide an extra level of security and access control for the company’s use of Atlassian products. Some aspects of security and account management within an organization are only available to managed accounts.
👇 Click the boxes below to explore the features of a managed account.

If a user hasn't verified their email address, you're unable to make changes to their account.

Set up domain verification

Companies usually own a domain and provide their employees with emails under that domain. The domain is everything that comes after the @ symbol in the user’s email address.
A company can choose to verify its domain to prove it owns it. They can claim accounts under that domain and ultimately apply security policies.
Only one organization can verify a domain. You can’t verify a domain in multiple organizations.
👇 Click the tabs below to explore several ways an org admin can verify a domain.
An org admin can choose this option if they have access to the domain’s DNS records.
To verify a domain:
  1. Go to admin.atlassian.com and select an organization if you have more than one.
  2. Go to the Settings tab, then from the left sidebar, select Domains.
  3. Click Add domain.
  4. Enter the domain name and click Next.
  5. Make sure you are on the DNS tab then copy the TXT record data.
  6. Go to the DNS Records page in the settings of your DNS host.
  7. Add a new record using the TXT record data copied in a previous step.
  8. Return to the admin hub and click Verify domain.

It may take up to 72 hours for the domain to verify and the DNS changes to take effect. The domain status in the domains page should indicate the status of the domain verification.

Claim accounts from a verified domain

An org admin can claim some or all accounts with emails under a verified domain to turn them into managed accounts. Any user with an email under your domain can create an Atlassian account, which can lead to having more users with your domain than expected. Since that can affect your billing, you have the option to export and review the list of Atlassian accounts with emails under your domain before you claim them.
👇 Click the tabs below to explore the two ways an org admin can claim accounts.
Atlassian will automatically claim accounts under the verified domain and add them to the default authentication policy.
To claim all accounts:
  1. Go to admin.atlassian.com and select an organization if you have more than one.
  2. Go to the Settings tab, then from the left sidebar, select Domains.
  3. Select Claim accounts next to the domain.
  4. Review accounts by selecting Export CSV file.
  5. Select Next.
  6. Leave the recommended automatic claim option selected.
  7. Select Claim accounts.
The account claiming process will start. When it finishes, the org admin will receive a notification. All claimed accounts will become managed accounts.

You can see the total number of Atlassian accounts under your domain and the number of accounts that you actually claimed in the Domains page, under the Settings tab.

When you create an Atlassian account through domain verification, then claim accounts within that domain, those accounts automatically become claimed accounts.
👉 For example: Acme organization has a verified domain: acme.com. Acme automatically claimed all accounts. Jaime creates an Atlassian account with his work email address: jaime@acme.com. Jaime receives an email prompting him to verify his email. Jaime follows the prompt and officially creates his Atlassian account.
Jaime’s account automatically becomes a claimed account and is listed in the Managed accounts page under the Directory tab. However, he doesn’t automatically have access to products in Acme organization.

In between creating an account and verifying it, users appear in the list of managed accounts, but with the Unverified label next to their name.

Unclaim, deactivate, and delete managed accounts

Unclaim accounts

After unclaiming an account, you can’t manage them anymore. The accounts aren’t a part of your authentication policies. They will get a notification on their profile informing them that your organization no longer manages their accounts.
To unclaim some accounts:
  1. Go to admin.atlassian.com and select your organization.
  2. Go to the Settings tab, then from the left sidebar, select Domains.
  3. Next to the domain, select the More actions menu (represented by ···), then select Unclaim accounts.
  4. Upload a single column CSV file listing all the emails you want to unclaim.

You can upload multiple CSV files to cover all the accounts you want to unclaim.

Deactivate accounts

An org admin can deactivate a managed account to prevent them temporarily or indefinitely from accessing all organizations and their products.
👇 Click the tabs below to explore the impact of deactivating an account.
Deactivated users will immediately lose access to all organizations and sites.

Deactivating a managed account will prevent them from accessing all organizations and Atlassian account services such as Atlassian Community and Marketplace.

To deactivate a managed account:
  1. Go to admin.atlassian.com and select your organization.
  2. Select the Directory tab then go to the Managed accounts page.
  3. Select the user from the managed accounts list.
  4. From the user’s page, select Deactivate account.
  5. Take note of the warning message then select Deactivate account again.

Only managed accounts can be deactivated. For non managed accounts, you can suspend their access.

To deactivate multiple managed accounts:
  1. Go to admin.atlassian.com and select your organization.
  2. Select the Directory tab then go to the Managed accounts page.
  3. Select the checkboxes next to the managed accounts list you want to deactivate.
  4. Select Deactivate account.
  5. Take note of the warning message then select Deactivate account again.

You can reactivate deactivated users from the managed account user page by selecting Reactivate account. When reactivated, Atlassian restores all their previous access, which means they have access to the same sites and products they had before.

Delete accounts

When an org admin deletes a managed account, they will lose access to all Atlassian account services including all organizations and sites, as well as Atlassian Community and Marketplace.

If you think you’ll need the account again, Atlassian recommends you deactivate it instead.

👇 Click the tabs below to learn more about the impact of deleting an account.
Once an account is deleted, you can’t access other Atlassian account services such as Community, Marketplace, with that account.
To delete a managed account:
  1. Go to admin.atlassian.com and select the organization.
  2. Choose the Directory tab and navigate to the Managed accounts page.
  3. Select the user from the managed accounts list.
  4. From the menu at the top right of the page, select Delete account.
  5. Confirm the deletion by acknowledging the warning message and selecting Delete account again.
Before the permanent deletion of the account, there's a 14-day period during which the account is temporarily deactivated. Org admins can cancel the deletion in this period.

An org admin can only delete managed accounts. For unmanaged accounts, an org admin can remove them from their organization. Unmanaged accounts can however delete their own accounts themselves.

To cancel the deletion of a managed account:
  1. Go to admin.atlassian.com and select the organization.
  2. Choose the Directory tab and navigate to the Managed accounts page.
  3. Select the user from the managed accounts list.
  4. Select Cancel deletion in the user’s page.
  5. Review the confirmation message then select Cancel deletion again.
Atlassian will fully restore the user’s account and they will have access to all sites and products they had access to prior to account deletion.

Maintain managed accounts

Update a managed account's details

As an org admin, you can change any managed account’s details from their user page. You can also update the user’s profile picture.
To update a managed account’s details:
  1. Go to admin.atlassian.com and select the organization the account is in.
  2. Choose the Directory tab and navigate to the Managed accounts page.
  3. Select the user from the managed accounts list.
  4. Select Show more details to expand the details section.
  5. Hover and click on the detail to change it.
  6. Enter the required change then select the tick button to save.

An org admin can update a managed account’s email address, however, they need to make sure to verify the domain for the email they want to use.

Reset a managed account's password

An org admin can require a managed account to set a new password from their user page.
To require a managed account to update their password:
  1. Go to admin.atlassian.com and select your organization.
  2. Choose the Directory tab and navigate to the Managed accounts page.
  3. Select the user from the managed accounts list.
  4. Select Reset password from the top right of the user’s page.
  5. Take note of the confirmation message then select Reset password again.
Atlassian will log out the user and prompt them to set a new password.
How was this lesson?

next lesson

Grant access to your organization

  • Grant access through roles and domains
  • Grant access through invitations
  • Manage access requests
Go to next lesson

Community

Forums

FAQsForums guidelines

Learning

About learningResources

Events

Champions

Copyright © 2025 Atlassian
Report a problemPrivacy PolicyNotice at CollectionTermsSecurityAbout