Trying to set up authentication via Azure AD

System Administrator
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
January 9, 2024

I have managed to get users on the system but authentication isn’t working. I've been following https://community.atlassian.com/t5/Atlassian-Access-articles/How-To-Atlassian-Access-Configure-SAML-SSO-Authentication/ba-p/1949816#U2570565.

Later it tells me to:

 

  • navigate to the Security → Authentication policies menu options

  • If you don’t already have a security policy with “Enforce single sign-on” checked, click Add Policy (otherwise skip to #5)

  • In the popup, enter a name for the policy (use something that will make sense later like “Enforce SSO”), then click the “Add” button.

 

I have set up SAML:

The admin page tells me I still need to verify my domain even though I thought I had:

My domain is verified.

Despite this, when I attempt to link my domain there’s nothing in the list.

What am I missing?

 

Update:

OK, so random poking about has got me somewhere although it still isn't right. I had to claim my accounts but now I have a load of people listed who shouldn't have access.

I have two Authentication Policies. One is linked to my Azure AD, the other seems to be local to Atlassian. There doesn't seem to be a way to remove the Local policy.

Aha!

It turns out I can set the local policy to non-billable and deactivate accounts which shouldn't have access. Hopefully that will get the result I'm after; given the lack of useful instructions, it's mostly guesswork.

1 answer

1 vote
Answer accepted
System Administrator
Rising Star
January 10, 2024

Continued poking about (I prefer not to learn these things by trial and error but the help pages don't help) and eventually I found an option to claim accounts. I did that and ended up with lots of users on my instance; tidying those up is a matter of deciding who should have access via which method - I now have one Authentication Policy for Azure and one for people who use services I don't manage. I set the second to non-billable since those aren't my problem. So far it seems to be working.

Tomislav Tobijas
Rising Star
January 11, 2024

Just a note here - based on my knowledge, you can only move accounts from the local directory to a non-billable policy. So, if you have users who are synced from an IdP, they will land on the default authentication policy for that IdP, which cannot be set as non-billable.

The thing is, for all plans except Enterprise, any of your managed/claimed accounts can sign up for a new product (basically open up a new Jira site or something similar), and they'll automatically become billable for Atlassian Access (in case they aren't already).
