You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I just set my site up as an organization, so that I can add Atlassian Access and enforce password management, allow for single sign on, and be able to have admin level rights to the audit log. However, I just noticed that I can only apply Atlassian Access to the domains that I own. My site is for a multiple team contract including federal government, state government, various contractors and consultants across multiple domains. 97 to be exact. I will only be able to verify my own domain, not the other 96. So if I read everything on your site correctly, there's no way I can enforce ANY security feautures unless those accounts are on my own, verified domain?? How is this okay?? That is a huge liability and it doesn't help secure our site at all.
Please tell me I'm wrong and that there is another way to require users of my site to change their passwords and choose more secure passwords than "123"
Welcome to Atlassian Community!
I could understand how frustrating it is to be in this situation, so I am sorry for that.
As you already guessed, I am afraid there is no direct way to apply Atlassian Access security policies to domains that were not verified, which means domains that you do not own, as mentionned in the Domain verification considerations section of the documentation on Verifying a domain for your organization.
If you want to verify a domain that you don't own
To protect the privacy and security of Atlassian's users, it's not possible to verify domains that you don't own.
If you'd like to apply Atlassian Access security policies for these users, ask them to change their email address to a domain that you can then verify, or invite them to create Atlassian accounts that use email addresses from the domain.
But, as also mentionned in the quote above, it is possible that the users in domains that you don't own change their email address so that they could use a domain you own and you can verify. You could for example ask them (or their admin teams) to create aliases for their email adresses, with one of your domains as a domain name.
But, before performing this action, I advise you to contact the Atlassian Support at : https://support.atlassian.com/contact/#/; they will be able to assist you.
Thank you and wish you a good luck on that point.