DNS TXT Domain Verification

Michael Arruda April 18, 2019

Trying to verify a domain with a TXT record, but already have a TXT record for the base domain. If I add a second TXT record will I break the first one?

Example:

JIRA Cloud Instance #1 DNS TXT Record:

example.com IN TXT atlassian-domain-verification=foo

JIRA Cloud Instance #2 DNS TXT Record:

example.com IN TXT atlassian-domain-verification=bar

 

Thanks

1 answer

1 accepted

1 vote
Answer accepted
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 20, 2019

@Michael Arruda is this for a subdomain? You should be able to place a second TXT record for foo.example.com alongside example.com.

Michael Arruda
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
April 20, 2019

@Dave Meyer Thanks for your reply. No, it for the base domain. We already have another team with a TXT record, but we need to add one for our separate JIRA cloud subscription. Will there be any issues doing so?

Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 20, 2019

Hi @Michael Arruda, got it. Domains can only be verified for one organization at a time. It's independent of any Jira Cloud subscriptions you might have. Organizations (and domain verification) goes across all Atlassian cloud products and services.

So if Organization A has claimed example.com, all Atlassian accounts with @example.com email addresses will be managed by Organization A and Organization A's security policies (like SAML SSO) will apply to all @example.com users.

If Organization B adds a separate TXT record that it generates to verify example.com, then the domain claim will be transferred to Organization B. Then all @example.com accounts will be managed by Organzation B and Organization B's security policies (like SAML SSO) will apply to all @example.com users.

Like Chilla Sridhar likes this
Michael Arruda April 20, 2019

@Dave Meyer Got it. Since the other organization has already claimed the domain, it sounds like we won’t be able to perform domain verification and hence won’t be able to use SAML SSO. This is really unfortunate since we will now have to manage local accounts for several hundred users. Are there any alternative solutions you can suggest?

Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 20, 2019

@Michael Arruda what is preventing the existing organization that has already claimed the domain from configuring SAML SSO?

There's nothing stopping you form claiming the domain and setting up SAML SSO, as long as the other organization is OK with you having control over all accounts on the domain.

Michael Arruda April 20, 2019

@Dave Meyer @Sorry, I misunderstood. So it sounds like the second TXT record is fine as long as organization A is ok with us claiming the domain. The other problem is our company is so big that we don’t know who organization A belongs to. The only way we knew someone else was using it is because of the existing TXT record at example.com. Is there a way to figure that out by doing a reverse looking on your end? 

Thanks for the help. 

Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 21, 2019

Hi @Michael Arruda yes, please create a support request and we can help you out.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events