Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Multiple domains

Hi all


So we have a few company acquisitions that use domain aliases, with one Universal Principal Name in our Azure AD (we'll call this


To explain, all of these users log in with, but their default SMTP email address is is an alias of


If a user emails our service desk from, is Atlassian Access smart enough to recognise it's the same user as Since will be the username used by Atlassian SSO / User provisioning.


My concern is that if a user emails a query in using their email address, when they log in using their user account into the portal, they won't see their issued logged via email from the other address.


Hope this makes sense



3 answers

1 vote
Prince Nyeche
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Aug 14, 2020

Hi @Asher Francis 

Given that its two different domains and not the same email address, Atlassian access won't classify it as the same user. Therefore, the issues done with the won't be visible to the user if they login with the address. There's no way currently to merge account (two email addresses as one) for Cloud users.

It seems it doesn't work. For accounts in my company with a mismatch between userPrincipalName and primary SMTP they get a failed authentication. 

The only solution we have found so far is match the UPN and primary SMTP so it gets correctly fixed on Atlassian.

My suggestion is that you fix the mismatch on Active Directory before you try to even synchronize the accounts otherwise you will have even more work to fix the duplicate accounts created. 

0 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Aug 14, 2020

There may be a convoluted way to solve this – I myself always wanted to test this.

You may want test verifying domain in Organisations, and enabling Atlassian Access for that. You will need at least 1 user in Atlassian Cloud with email (!) to succeed – perhaps create a dummy one? Configure SAML in Atlassian Access, but when configuring Azure AD side (as per in step 14 set the name-id value to the user.mail instead of UPN.

The idea here – the user goes to Atlassian Cloud, on the login page (as usual for them) enters their id, this triggers SAML SSO since this is the domain that is verified and SAML in Access is configured for this domain, Access redirects to Azure AD, the user authenticates, Azure AD responds to Cloud with name-id being the email i.e. with username. This is how this user will be known to Atlassian Cloud. This will ensure they have access to their JSD tickets.

Unfortunately, "test" here is a misnomer – while you doing this it will apply to anyone in the Cloud with username, including and Trello users. Also even if this succeeds – you will need to somehow rename all existing users in Cloud that currently have username to their emails.

I also suspect you will be able to apply the same SAML integration to domain (just in case some user uses that to identify themselves) though I am not sure how handover from Access to Azure AD will work here e.g. will they be presented with Azure AD login page asking to re-enter the id?

Also, it's important to note that the social login (Login with Microsoft) most probably won't work "in the same way as the SAML one", as it will continue sending whatever it is sending now. I actually think it will be sending the email now so If it is so, then perhaps it's fine...

Overall – I think the above is a bit too messy.

If the user part of the UPN is the same as the user part of email address i.e. you can easily derive one from the other – you may instead look at ScriptRunner for Jira Cloud and write a script that on create of a request in JSD, will examine the reporter's email, and if it is from, add the same person as Request Participant (or even replace the reporter)

Suggest an answer

Log in or Sign up to answer
AUG Leaders

Atlassian Community Events