Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,458,036
Community Members
 
Community Events
176
Community Groups

Enforcing security across multiple domains

I just set my site up as an organization, so that I can add Atlassian Access and enforce password management, allow for single sign on, and be able to have admin level rights to the audit log. However, I just noticed that I can only apply Atlassian Access to the domains that I own. My site is for a multiple team contract including federal government, state government, various contractors and consultants across multiple domains. 97 to be exact. I will only be able to verify my own domain, not the other 96. So if I read everything on your site correctly, there's no way I can enforce ANY security feautures unless those accounts are on my own, verified domain?? How is this okay?? That is a huge liability and it doesn't help secure our site at all. 

Please tell me I'm wrong and that there is another way to require users of my site to change their passwords and choose more secure passwords than "123"

1 answer

1 accepted

0 votes
Answer accepted

Hello Shira, 

Welcome to Atlassian Community! 

I could understand how frustrating it is to be in this situation, so I am sorry for that.
As you already guessed, I am afraid there is no direct way to apply Atlassian Access security policies to domains that were not verified, which means domains that you do not own, as mentionned in the Domain verification considerations section of the documentation on Verifying a domain for your organization

 

If you want to verify a domain that you don't own

To protect the privacy and security of Atlassian's users, it's not possible to verify domains that you don't own.

If you'd like to apply Atlassian Access security policies for these users, ask them to change their email address to a domain that you can then verify, or invite them to create Atlassian accounts that use email addresses from the domain.

 

But, as also mentionned in the quote above, it is possible that the users in domains that you don't own change their email address so that they could use a domain you own and you can verify. You could for example ask them (or their admin teams) to create aliases for their email adresses, with one of your domains as a domain name.

But, before performing this action, I advise you to contact the Atlassian Support at : https://support.atlassian.com/contact/#/; they will be able to assist you. 

Thank you and wish you a good luck on that point.

Boris

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events