You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We are preparing to implement user provisioning via Okta, and as a result, we want to completely disable any way for users to log in with any email other than the one tied to our Okta SSO.
For example, users can log in with email@example.com with Okta SSO, but any other email will be rejected out of hand.
Right now there seems to be an out-of-box access policy that pretty much lets people sign up with any email address they want. This access policy is marked as a “Default” right next to our Okta policy which confusingly is also labeled “Default”
Hi @Alex Billings,
Welcome to Atlassian Community!
Those two default policies are expected, one it for the local user directory (for users that are not synced from idP) and the other one is for your synced Okta users. Each user directory can have multiple policies and the default indicate one Atlassian should add the user to. You can learn move about authentication policies in this KB.
No, but you can control that under Products > User access settings where you can add approved domains and then set what users get access to.