Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

Recognition

  • Give kudos
  • My kudos

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Enforcing security across multiple domains

I just set my site up as an organization, so that I can add Atlassian Access and enforce password management, allow for single sign on, and be able to have admin level rights to the audit log. However, I just noticed that I can only apply Atlassian Access to the domains that I own. My site is for a multiple team contract including federal government, state government, various contractors and consultants across multiple domains. 97 to be exact. I will only be able to verify my own domain, not the other 96. So if I read everything on your site correctly, there's no way I can enforce ANY security feautures unless those accounts are on my own, verified domain?? How is this okay?? That is a huge liability and it doesn't help secure our site at all. 

Please tell me I'm wrong and that there is another way to require users of my site to change their passwords and choose more secure passwords than "123"

1 answer

1 accepted

0 votes
Answer accepted

Hello Shira, 

Welcome to Atlassian Community! 

I could understand how frustrating it is to be in this situation, so I am sorry for that.
As you already guessed, I am afraid there is no direct way to apply Atlassian Access security policies to domains that were not verified, which means domains that you do not own, as mentionned in the Domain verification considerations section of the documentation on Verifying a domain for your organization

 

If you want to verify a domain that you don't own

To protect the privacy and security of Atlassian's users, it's not possible to verify domains that you don't own.

If you'd like to apply Atlassian Access security policies for these users, ask them to change their email address to a domain that you can then verify, or invite them to create Atlassian accounts that use email addresses from the domain.

 

But, as also mentionned in the quote above, it is possible that the users in domains that you don't own change their email address so that they could use a domain you own and you can verify. You could for example ask them (or their admin teams) to create aliases for their email adresses, with one of your domains as a domain name.

But, before performing this action, I advise you to contact the Atlassian Support at : https://support.atlassian.com/contact/#/; they will be able to assist you. 

Thank you and wish you a good luck on that point.

Boris

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

681 views 0 9
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you