Dear Community, let me give you some context: I've got customer who is using Jira and Confluence in Data Center hosted on their AWS. They have authorized company domain and run it with Atlassian Access already. What we want to do is to spin up new Cloud Jira Service Management for one of the teams that belong to the same org. We would like to use SSO and SAML within Atlassian Access. However learned that if the domain is already verified we can't use the same domain for another instance and other Access product. My questions are following:* if this the case that when the domain was already verified in one Atlassian Access can it be used in another one or not? -> see here Another organization already verified the domain If someone else has already verified the domain, we’ll display a warning message letting you know. In this situation, someone at your company might have verified the domain under another organization. We recommend that you find an admin of that organization and ask them to remove the domain from its list of verified domains* what could be alternative ways to enable people in the same org to access completely different (cloud) Jira Service Management using same credentials they use to log into their network? - if there's any ;) * do you have any advise and/or potential workarounds?thank you in advance for any feedback in this mattercheers to everyone in the community :) Eva

Community
Q&A
Atlassian Guard
Questions
Using same domain for Cloud Product

issuer must be a valid URL or URN

I'm new to Access and I'm trying to set up SAML to authenticate against my Keycloak server.

When I try to add the SAML configuration it asks for my public x509 certificate. I got this from Keycloak, but then I get an error saying that the "issuer must be a valid URL or URN".

The common name in the certificate is just set to "<My Company Name>" and not a URL. I don't see how to change this in Keycloak.

Is that the cause of the problem? Is there a way to get around this?

1 answer

1 accepted

1 vote

Answer accepted

Hi @Eva Kasiak

Firstly - there is nothing from Atlassian's side stopping the customer from adding an additional JSM instance for your team within the old existing Organisation. Is there a reason within the customer that this option is off the table? Since per user costs of Access also go down at higher user tiers it will most likely be less expensive as well.

Second, if the users are claimed via the existing Access subscription, there is absolutely nothing stopping you creating the new JSM instance in a new organisation and inviting users that are claimed by the old organisation. In this case the main downside is that the users Access subscription will be paid for and managed via the old organisation (and JSM license paid by new org). Again, this may be ok or not depending on the organisation.

Also, there is an EAP for some functionality that might help if the users are really mutually exclusive (ie. the users for team that needs new JSM would never need any of the products managed by the existing organisation) - where each organisation could claim just a subset of the managed users:
https://www.atlassian.com/wac/roadmap/cloud/multi-org-domain-claims?p=34230be2-ab. There is a comment from an Atlassian on this ticket: https://jira.atlassian.com/browse/ACCESS-1450 which provides an email if this EAP would work in your case.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hey @Richard White _TechTime_ this was indeed helpful with the roadmap and the requests links. I have a meeting next week with Atlassian Technical person who will help us to dive deeper into the solution. But assuming the multi org domain claim is launch I think it should help us to achieve what we're looking for. Thanks a milion for taking the time and responding to my question :)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

issuer must be a valid URL or URN

1 answer

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Atlassian Community Events