Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,464,836
Community Members
 
Community Events
176
Community Groups

The difference of a site under and outside Atlassian Access for claimed domains

Edited

If I have a verified domain in Atlassian Access I will control all users for the domain in  Atlassian Access, right?

 

I now can have sites that are under my Atlassian Access and the can be sites that are not under Atlassian Access where my claimed users reside.

 

What is the main difference of the 2 sites, and what changes if/when I moved the sites not under Atlassian Access into my Atlassian Access...

 

Update : This is a question from a customer as part of a migration/consolidation process, where https://support.atlassian.com/security-and-access-policies/docs/how-to-work-with-admins-of-discovered-products/ states:

 

Do nothing and allow products to remain separate

Depending on your company size or how employees are using the product, you may decide to do nothing about a discovered product. If you chose this option, these products will remain in the Discovered products list, and users will continue managing them separately.

 

To me this seems only partly true, as soon as You verify the domain and claim users, I guess ALL users of that domain in all Atlassian Sites can be controlled, like disabled(?)

So "continue managing them separately" is only partly true...

2 answers

1 vote
Jimmy Seddon Community Leader Feb 04, 2022

Hey @Normann P_ Nielsen _Netic_,

At the most basic answer.  Sites that are not under Atlassian Access do not benefit from the advanced security configurations and cannot be setup for SSO.

However,  I believe that unless your customer is on an Enterprise plan they cannot have more that one site of the same product type exist within a single organization and only one Atlassian organization can claim a domain name.

I hope that helps!

-Jimmy

Hi, thats parly a good answer, lets take an example:

 

My user npn@netic.dk in in Atlassian Access (it is)

 

I am also using and granted access to vendor.atlassian.net

 

But my user is still 100% controlled at Atlassian Access level right? Så I my manager enforces SSO or disabled me, this will affect my using of vendor.atlassian.net, right?

Like Jimmy Seddon likes this
Jimmy Seddon Community Leader Feb 04, 2022

@Normann P_ Nielsen _Netic_ yes you are correct! 

Once you have verified a domain in one organization, that organization's Atlassian Access has the ability to control the "has site access" of your account which can affect other sites you may access with your account from their domain.

Just to be clear, If I logout of Atlassian completely, and try to access https://metainf.atlassian.net/servicedesk/customer/portal/1/ as npn@netic.dk - I get promped for the:

 

Screenshot 2022-02-04 at 13.52.35.png

 

And this is not META-INF forcing me to SSO, that is my Atlassian Access relationship. And META-INF is not under that one.

0 votes
Dave Mathijs Community Leader Feb 04, 2022

Hi @Normann P_ Nielsen _Netic_ ,

Domain verification is just a way to activate managed accounts.

Managed accounts are a prerequisite for Atlassian Access in order to connect your accounts to an identity provider, enable SSO or 2FA.

So you may have managed accounts (from a specific domain) which are connected to your identity provider (via Atlassian Access) while other accounts (from another domain) are simply Atlassian accounts with separate credentials.

I dont think that answered my quistion....

I am aware of what You are writing. 

 

My question is what is the difference on sites that are in Atlassian Access, and sites that are not - or what will happen on a move:

 

Screenshot 2022-02-04 at 10.54.47.png

All netic.dk users are in Atlassian Access - so whats the changes/benefits of this move.

Dave Mathijs Community Leader Feb 04, 2022

The site that is not under Atlassian Access (the bottom one) currently does not have a verified domain, thus the users of that domain are not managed. Once you verify the domain for that site, it can be managed via Atlassian Access.

Jimmy Seddon Community Leader Feb 04, 2022

With the assumption that you aren't trying to verify the same domain for multiple Atlassian organizations, because you can't do that.

The site can have users from many domains...

 

So whats in "thus the users of that domain are not managed. "

 

Because some users in the site are managed partly from an Atlassian Access where the domain is verified and the user claimed, right?

Jimmy Seddon Community Leader Feb 04, 2022

They are managed from the aspect that the Netic A/S organization has control over their overall site access.  And, as a benefit any site within the Netic A/S organization they can use SSO to access those sites (looks like Confluence and Jira/JSM)

For the other site in the unnamed organization that only has Confluence, they won't be able to use SSO and they will never be an option as long as the Atlassian ID they are using is from the Netic A/S verified domain.

I hope that helps clear things up.

-Jimmy

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS

Atlassian Community Events