It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Not able to set up SAML SSO because I am unable to verify my domain.

I set up a site and verified my domain, unfortunately I was completely locked out of that site because a saml setting was wrong and I did not create a user that was not a member of the domain as a back door back in. I was unaware I needed to, but now I am. So I had that site deleted and created a new one. I can not verify my domain on the new site, because it says the site is already verified on another site. I contacted support and was told to submit this to the community for help.

So please, I need help. I can not move forward to set up SSO without being able to verify the domain. 

1 answer

Are you using Cloud version of Jira or Server? Are you using Active Directory or G-Suite or some type of way to connect your instance?

If you log into your domain and Disconnect the DNS records this should release the domain connection on the old version. If you could give some insight on your setup it would be easier to walk you through the process!

Hi Aaron,

I am using the cloud version with the trial version of atlassian access. 

I disconnected the dns record last week when I was locked out. I was hoping it would automatically release the domain connection, but it didn’t, and still hasn’t.  Do you know about how many days it needs to be disconnected before it checks again and sees that domain can not be verified?

Thank you so much for responding!!

I thought it would be instant as the domain verification has to happen right away. Have your reached out to support?

I know when your saml is set up you need to have correct admin settings and group set with correct users. 

Did you have more user setup along with you? 

What SSO where you using you might have to shut the SSO connection off also to get back in an connect the domain? 

If you need more assistance please reach out. ageister@project-icon.com 

Otherwise support might be able to help also. 

I was setting up a SAML connection with Okta. I must have had an incorrect setting but because I locked myself out when I made the saml connection and I couldn't go back in and double check my configuration. I do remember the error saying something was wrong with the redirect URL.

I contacted support first. I sent screenshots of the the error when I tried to verify the domain. They told me to reach out to the community and closed the ticket. This is the error I get when I try to verify the domain "Someone already verified this domain under another organization." That domain was verified on an account I was locked out of, so I had it deleted. I did receive an email from Atlassian stating that they can not verify my domain, since I removed the TXT record from the DNS. Hopefully after another 10 or so days I can try again? In the email it said something about not being able to add users after 14 days?

There is a 14 day grace period to add and delete when you have issue like this from what I know Atlassian support and can push those grace periods though. I would wait. The other thing you could do is have support delete your current trail and start a new one due to the issue. It might be faster then waiting 14 days. 

What I would do is get your instance set up make sure there is a admin group so you can always get into your instance and double check your saml settings before closing your instance. 

Yeah, for sure, this has been a very painful and time consuming lesson. I will from now on always create a non domain admin account, 0365 requires that by default for this exact reason. I knew better.

Support basically is done with me. I have a free trial so I have been sent out to the community. So I will wait it out, and if in 14 days from when I deleted the DNS entry I still can't get in, I will just not SAML SSO to jira. I would like to prove it out and figure out what setting I had wrong so I can help others in the future, but at this point I guess I am in a holding pattern. 

You could try and delete that instance or ask them to and set up a new instance and connect to domain. SAML can be confusing. I never was unable to use an SSO before or have domain connection issues. If you need reach out I might be able to help more. I never had issue with support either not be willing to help but maybe it's because of the free trail. 

  • Did you try to registering a new instance? I would do that and then put in support request to delete the other. I am sure they can do more then what you have said. Disconnect your SSO from the okta side. I thought Okta was one of the preferred SSO also. I use JUMPCLOUD. Are you doing this for a business test? Really reach out sometimes it's easier to see what your working with. Jira is a lot to learn even on the cloud side. Best of luck. 

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Atlassian Access

We're launching improved navigation for admins

Hi Atlassian Community, My name is Avni Barman and I am a Product Manager on the Atlassian Access team! One of my top priorities is to help make the administrator's life easier through improved pro...

289 views 0 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you