Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Enforcing security across multiple domains

I just set my site up as an organization, so that I can add Atlassian Access and enforce password management, allow for single sign on, and be able to have admin level rights to the audit log. However, I just noticed that I can only apply Atlassian Access to the domains that I own. My site is for a multiple team contract including federal government, state government, various contractors and consultants across multiple domains. 97 to be exact. I will only be able to verify my own domain, not the other 96. So if I read everything on your site correctly, there's no way I can enforce ANY security feautures unless those accounts are on my own, verified domain?? How is this okay?? That is a huge liability and it doesn't help secure our site at all. 

Please tell me I'm wrong and that there is another way to require users of my site to change their passwords and choose more secure passwords than "123"

1 answer

1 accepted

0 votes
Answer accepted

Hello Shira, 

Welcome to Atlassian Community! 

I could understand how frustrating it is to be in this situation, so I am sorry for that.
As you already guessed, I am afraid there is no direct way to apply Atlassian Access security policies to domains that were not verified, which means domains that you do not own, as mentionned in the Domain verification considerations section of the documentation on Verifying a domain for your organization


If you want to verify a domain that you don't own

To protect the privacy and security of Atlassian's users, it's not possible to verify domains that you don't own.

If you'd like to apply Atlassian Access security policies for these users, ask them to change their email address to a domain that you can then verify, or invite them to create Atlassian accounts that use email addresses from the domain.


But, as also mentionned in the quote above, it is possible that the users in domains that you don't own change their email address so that they could use a domain you own and you can verify. You could for example ask them (or their admin teams) to create aliases for their email adresses, with one of your domains as a domain name.

But, before performing this action, I advise you to contact the Atlassian Support at :; they will be able to assist you. 

Thank you and wish you a good luck on that point.


Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Atlassian Access

Atlassian Access Demo Q&A Recap

Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...

1,108 views 2 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you