CLOSED: AMA - All things Atlassian Access

CLOUD-10325 / Product Requests allow Enterprise customers to prevent their claimed / managed users from creating signing up to new Atlassian products / sites.

When will this be made available to all Atlassian Access plans? If not, why not?

FREE Trello / Bitbucket in particular causes a significant impact to the plans for Standard and Premium customers. Enterprises are arguably less financially impacted as their enterprise users (intentionally licenced users) already have Atlassian Access included.

This functionality was voted for by all Atlassian Access users however only Enterprise users are benefiting from a range of Atlassian Access features.

Hi! What are some pitfalls to avoid when setting up Atlassian Access?
Also, what prep work/data clean-up would you recommend beforehand?
Any additional best-practices before/during set-up? 
Thanks!! 😊

Is a feature planned to transfer all user accounts of the associated domain to the new default policy after a directory has been added?

When linking domains to a directory, it would be very handy if you could directly select all the domains that have previously been claimed with a single click and not have to select all the domains individually.
Is there a trick for this?

Further questions about Automatic setup Provisioning (Entra ID)

You can claim domains twice via "Automatically set up user provisioning", for example if you have verified a domain before setting up Atlassian Access. In this case, the domains are then shown twice in drop-downs. Is this a intended behavior?

The "All Directory Sync" via the "Automatically set up user provisioning" function can take a very long time, depending on the system. A rough progress bar would be great.

Are further options for limiting the All Directory Sync planned for the future, for example only synchronising security groups?

We have some Questions regarding SAML configuration:

Will there be a way of configuring SAML via metadata.xml? With URL would be optimal to be able to switch certificates purely via the IdP?

It would be great to display the configuration URLs of Access ("SP Entity ID" & "SP Assertion Consumer Service URL") on one page together with the configuration. Currently you have to enter the placeholders in the Entity ID to be able to download the certificate, for example. Is a feature planned for this?

In our ecosystem, we have differing levels of users that interact with Jira in different ways.  In the case of our largest population of users that have high add/remove change rates, we face some challenges that don't have easy answers like assigning the right authentication policy so we can vary session termination values without impact to other users.

As a Premium customer, how can I use automation to handle the high volume changes occurring in our Access user population and easily automate authentication policy assignment or change assignment en masse for any given population?

We also have a use case where our HR team interacts with personnel through email in JSM, and the inclusion of special Customer records using this email address is pervasive in every project throughout Jira, and this has an adverse effect on selecting the right "user" in Jira Software projects that are only used to seeing 200+ users.  Now they also see all the HR Customers when selecting an Assignee or Reporter.

Is there anyway with Access to limit the visibility of any population of user records such that they don't appear in a Project?  Any tricks outside of Access?

We need to see additional functionality in managing Session Termination settings, reflected this in a request at https://jira.atlassian.com/browse/ACCESS-1740 - noted there are quite a few adjacent/similar requests, would like to see Atlassian tackle this promptly as it has implications for your FEDRAMP ambitions and customer base.