You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
If I have a verified domain in Atlassian Access I will control all users for the domain in Atlassian Access, right?
I now can have sites that are under my Atlassian Access and the can be sites that are not under Atlassian Access where my claimed users reside.
What is the main difference of the 2 sites, and what changes if/when I moved the sites not under Atlassian Access into my Atlassian Access...
Update : This is a question from a customer as part of a migration/consolidation process, where https://support.atlassian.com/security-and-access-policies/docs/how-to-work-with-admins-of-discovered-products/ states:
Do nothing and allow products to remain separate
Depending on your company size or how employees are using the product, you may decide to do nothing about a discovered product. If you chose this option, these products will remain in the Discovered products list, and users will continue managing them separately.
To me this seems only partly true, as soon as You verify the domain and claim users, I guess ALL users of that domain in all Atlassian Sites can be controlled, like disabled(?)
So "continue managing them separately" is only partly true...
At the most basic answer. Sites that are not under Atlassian Access do not benefit from the advanced security configurations and cannot be setup for SSO.
However, I believe that unless your customer is on an Enterprise plan they cannot have more that one site of the same product type exist within a single organization and only one Atlassian organization can claim a domain name.
I hope that helps!
Hi, thats parly a good answer, lets take an example:
My user email@example.com in in Atlassian Access (it is)
I am also using and granted access to vendor.atlassian.net
But my user is still 100% controlled at Atlassian Access level right? Så I my manager enforces SSO or disabled me, this will affect my using of vendor.atlassian.net, right?
@Normann P_ Nielsen _Netic_ yes you are correct!
Once you have verified a domain in one organization, that organization's Atlassian Access has the ability to control the "has site access" of your account which can affect other sites you may access with your account from their domain.
Just to be clear, If I logout of Atlassian completely, and try to access https://metainf.atlassian.net/servicedesk/customer/portal/1/ as firstname.lastname@example.org - I get promped for the:
And this is not META-INF forcing me to SSO, that is my Atlassian Access relationship. And META-INF is not under that one.
Domain verification is just a way to activate managed accounts.
Managed accounts are a prerequisite for Atlassian Access in order to connect your accounts to an identity provider, enable SSO or 2FA.
So you may have managed accounts (from a specific domain) which are connected to your identity provider (via Atlassian Access) while other accounts (from another domain) are simply Atlassian accounts with separate credentials.
I dont think that answered my quistion....
I am aware of what You are writing.
My question is what is the difference on sites that are in Atlassian Access, and sites that are not - or what will happen on a move:
All netic.dk users are in Atlassian Access - so whats the changes/benefits of this move.
They are managed from the aspect that the Netic A/S organization has control over their overall site access. And, as a benefit any site within the Netic A/S organization they can use SSO to access those sites (looks like Confluence and Jira/JSM)
For the other site in the unnamed organization that only has Confluence, they won't be able to use SSO and they will never be an option as long as the Atlassian ID they are using is from the Netic A/S verified domain.
I hope that helps clear things up.