Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

What to do if we can't verify 10 different external 3rd party domains (and using Okta)

Eric Karlinsky
Eric Karlinsky
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 20, 2020

Hi,

We're a global service provider and we're setting up a Jira / Okta integration where several employees of large global 3rd parties need access, each with their own domain. So users will be onboarded in Okta and Okta will do the Authentication and Authorization before accessing Jira.

The issue we have now is how to verify all these different domains? Can you imagine what it takes to add something to global companies websites or DNS?? And these are companies with more than 100.000 employees, so imagine the process to get this approved and done..

And why would you verify domains if Atlassian trusts Okta to do Authentication and Authorization? It really doesn't make sense. 

I really would like to know how you would solve this. More and more companies will connect to each other, it is simply not doable to do all these domain verification.

Please suggest some best practices.

Thanks,

Bert deRoos

Answer
Watch
Like Be the first to like this
1094 views

1 answer

1 accepted

1 vote
Answer accepted
Ankit
Ankit
Atlassian Partner
May 17, 2020

Hi Ajay,

You don't need to move the accounts to SAML. It works automatically.

Since you're being redirected for SAML SSO with Okta, you must be entering the right email address, but the value coming in from Okta might be mismatching.

I think Atlassian Access picks up the NameID value from SAML assertion. You'll need to check if that value has the correct email address. To check this value you can use SAML Tracer, or you can upload it here using these steps so I can check it:

  1. Download SAML tracer add-on : Firefox [ Link ] | Chrome [ Link ]

  2. Open the SAML tracer from the Browser toolbar

  3. Keep the SAML tracer window open

  4. Reproduce the issue.

  5. Go to SAML Tracer window

  6. Click on export. Select None as cookie-filter-profile

  7. Select the destination for the exported file and send me that file.

Hope this helps.

 

Thanks,

Ankit

Reply

Suggest an answer

Log in or Sign up to answer
Atlassian Guard
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security