You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I have searched a lot for this topic, but I could not find a good answer anywhere.
I have an Atlassian Jira Cloud environment and now every user is created in Jira and access using email and password.
I am investigating the Atlassian Access package, considering to implement SSO with OKTA and/or enforce 2FA, (I am not planning to provision users via OKTA).
Question: is it possible to enable SSO only for a subset of users(e.g. internal users), and have other users access with username and password?
Thank you very much
Have a nice day,
Thanks for using Atlassian Community.
For a short answer, you can only enable SSO via Okta to the internal users in your Jira site. When you integrate with Okta, the 2FA feature on Okta side will be used.
To give more context on that :
Atlassian cloud uses a centralized identity service in https://id.atlassian.com. Here, an end user will have a single account identified by a unique email address. That account is the user's online identity and access into different cloud sites are granted on that account.
On Jira cloud side, the owners of the site controls which Atlassian Accounts gets access to their site.
Atlassian Access allows organizations to claim ownership of Atlassian Accounts in that centralized identity service. When you claim your company's domain in Atlassian cloud, you effectively take ownership of all Atlassian Accounts with an email address under your company's domain. You can then further enforce SSO via Okta to those accounts.
On the Jira cloud site, only accounts under your company's domain will be enforced to login via Okta. These accounts are effectively your internal users. The rest will keep using the default Atlassian Account login password or any SSO that their own organization may have enforced on Atlassian Cloud.
There are 2 admin hats in play here.
Here is the login experience for the users :
I hope this helps.