Not able to set up SAML SSO because I am unable to verify my domain.

Hi Aaron,

I am using the cloud version with the trial version of atlassian access. 

I disconnected the dns record last week when I was locked out. I was hoping it would automatically release the domain connection, but it didn’t, and still hasn’t.  Do you know about how many days it needs to be disconnected before it checks again and sees that domain can not be verified?

Thank you so much for responding!!

I thought it would be instant as the domain verification has to happen right away. Have your reached out to support?

I know when your saml is set up you need to have correct admin settings and group set with correct users. 

Did you have more user setup along with you? 

What SSO where you using you might have to shut the SSO connection off also to get back in an connect the domain? 

If you need more assistance please reach out. ageister@project-icon.com 

Otherwise support might be able to help also. 

I was setting up a SAML connection with Okta. I must have had an incorrect setting but because I locked myself out when I made the saml connection and I couldn't go back in and double check my configuration. I do remember the error saying something was wrong with the redirect URL.

I contacted support first. I sent screenshots of the the error when I tried to verify the domain. They told me to reach out to the community and closed the ticket. This is the error I get when I try to verify the domain "Someone already verified this domain under another organization." That domain was verified on an account I was locked out of, so I had it deleted. I did receive an email from Atlassian stating that they can not verify my domain, since I removed the TXT record from the DNS. Hopefully after another 10 or so days I can try again? In the email it said something about not being able to add users after 14 days?

There is a 14 day grace period to add and delete when you have issue like this from what I know Atlassian support and can push those grace periods though. I would wait. The other thing you could do is have support delete your current trail and start a new one due to the issue. It might be faster then waiting 14 days. 

What I would do is get your instance set up make sure there is a admin group so you can always get into your instance and double check your saml settings before closing your instance. 

Yeah, for sure, this has been a very painful and time consuming lesson. I will from now on always create a non domain admin account, 0365 requires that by default for this exact reason. I knew better.

Support basically is done with me. I have a free trial so I have been sent out to the community. So I will wait it out, and if in 14 days from when I deleted the DNS entry I still can't get in, I will just not SAML SSO to jira. I would like to prove it out and figure out what setting I had wrong so I can help others in the future, but at this point I guess I am in a holding pattern. 

You could try and delete that instance or ask them to and set up a new instance and connect to domain. SAML can be confusing. I never was unable to use an SSO before or have domain connection issues. If you need reach out I might be able to help more. I never had issue with support either not be willing to help but maybe it's because of the free trail. 

• Did you try to registering a new instance? I would do that and then put in support request to delete the other. I am sure they can do more then what you have said. Disconnect your SSO from the okta side. I thought Okta was one of the preferred SSO also. I use JUMPCLOUD. Are you doing this for a business test? Really reach out sometimes it's easier to see what your working with. Jira is a lot to learn even on the cloud side. Best of luck.