Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Atlassian managed accounts and Azure AD


I have added my domain name to the atlassian admin organization section. I plan to integrate with Azure AD so my users will authenticate with their Azure AD credentials for all things Atlassian based. 

When I verified by domain name a large number of users were pulled in as managed accounts (to my surprise). These users access my customers JIRA or have at some stage signed up for an Atlassian account I assume. 

My question is what will be the experience for these users if I fully integrate with my Azure AD. 

  1. Will the managed accounts still login with their existing passwords?
  2. Will they be forced to change from using their existing Atlassian credentials to using their Azure AD credentials?
  3. These managed accounts appear to incur a cost which puzzles me as they are accessing my customers Jira.




1 answer

1 accepted

1 vote
Answer accepted
Daniel Eads Atlassian Team Apr 01, 2019

Hey Simon,

Welcome to the Community! I'm going to assume that by "fully integrate with Azure AD", you mean also enabling SAML SSO as described in the Azure AD guide for Atlassian Cloud. Let's take a look at your questions:

  1. Will the managed accounts still login with their existing passwords?
    The accounts will use their existing Azure AD passwords once you've fully integrated Atlassian Cloud to use SAML from Azure AD. Users will no longer use their Atlassian passwords to sign in to your Atlassian services.
  2. Will they be forced to change from using their existing Atlassian credentials to using their Azure AD credentials?
    If you enable SAML SSO with Azure AD, your users will see an Azure AD sign-in screen on Atlassian Cloud products if they aren't already signed in to Azure AD. If they do already have an active Azure AD session (by being logged in to Office365 for example), they will not be prompted with any login screen at all.

  3. These managed accounts appear to incur a cost which puzzles me as they are accessing my customers Jira.
    Account managed via Atlassian Access (our identity management solution) are by subscription. You're required to have domain verification to manage any accounts, so presumably this should only pick up accounts you control already (example: If customers from another company have accounts on your Jira, you shouldn't be able to subscribe those accounts to Atlassian Access unless you also control the domain they are coming from ( If you could explain a little more about what accounts you're not expecting to manage and if they are part of your domain or not, that would help clear up the situation.

It's also possible to not add SAML SSO to an Access policy, which would have users continue on with their existing Atlassian passwords separate from your Azure AD setup. You would apply any password policy you wanted to through Atlassian Access then (per our instructions here) and Access would also manage any MFA policies for those Atlassian accounts. The downside of this is that you wouldn't have Single-Sign-On with the other applications you already have set up with Azure AD, and your users would have to manage two different sets of credentials. With SAML SSO enabled, Atlassian Access would hand off password management and MFA to Azure as described here.

Hope that clears things up,
Daniel | Atlassian Support

  1. Perfect thanks
  2. Again thanks
  3. Ok need a little more clarity here. You are correct the managed accounts that it pulls in are from my domain. These are accounts that have signed up to access Jira services in my customers jira instance. My customer is paying for the JIRA licenses however it appears I also have to pay for these users as I verified my domain in Atlassian access. I believe they are $3 per managed account per month. This seems unusual as if my customer invites all my users and has sufficient licenses I also have to pay $3 per user. I might be missing something here! thanks.
Daniel Eads Atlassian Team Apr 04, 2019

For point number three - I see what you're saying. Your concern is that your customer has paid for the users in your domain to access the customer's Jira instance already, so you're not sure why there is now a charge to you in Atlassian Access. I definitely understand the confusion!

The Atlassian Access services (password policy enforcement, MFA, SSO, etc) are provided to the individual Atlassian accounts which may connect to one or more Jira/Confluence instances. Each instance those accounts use needs its own user seat (for example, your customer paying for people in your company to use your customer's Jira). If you added a new Jira instance at your company, the users that are in your customer's Jira would still need new seats in your own Jira. However, since Atlassian Access is on the individual user account level, those users would be under the same Atlassian Access subscription no matter how many Jira/Confluence instances they were connected to.

I hope that makes a little more sense! Definitely understand where you're coming from. The Atlassian Access subscription is only something that you would pay for those users, as the authentication (especially SSO) is designed to let you enforce your company's security policies across any Atlassian products the users at your company are connecting to. Nobody else will pay for Atlassian Access for those users. But they will need seats to add those users to Jira/Confluence/etc.


Like Kalin U likes this

Can user able to change password from Jira or confluence after azure AD integration?




Daniel Eads Atlassian Team Oct 07, 2019

@Senthil Kumar in a SAML-enabled setup, password management is handled by the identity provider (such as Azure AD). Jira and Confluence will redirect users to the login screen for your identity provider. Passwords won't be handled in Jira and Confluence. To change a password with Azure AD configured for SSO, users would need to follow Microsoft's regular steps for password changes in Azure AD.


Like Kalin U likes this

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events