Not able to set up SAML SSO because I am unable to verify my domain.

Jennifer_Saylor June 22, 2020

I set up a site and verified my domain. Unfortunately, I was completely locked out of that site because a SAML setting was wrong and I did not create a user that was not a member of the domain as a back door back in. I was unaware I needed to, but now I am. So I had that site deleted and created a new one. I cannot verify my domain on the new site, because it says the site is already verified on another site. I contacted support and was told to submit this to the community for help.

So please, I need help. I cannot move forward to set up SSO without being able to verify the domain.

1 answer

0 votes
Aaron Geister
Contributor
June 22, 2020

Are you using the Cloud version of Jira or Server? Are you using Active Directory or G-Suite or some type of way to connect your instance?

If you log into your domain and disconnect the DNS records, this should release the domain connection on the old version. If you could give some insight on your setup, it would be easier to walk you through the process!

Jennifer_Saylor June 24, 2020

Hi Aaron,

I am using the cloud version with the trial version of Atlassian Access.

I disconnected the DNS record last week when I was locked out. I was hoping it would automatically release the domain connection, but it didn’t, and still hasn’t. Do you know about how many days it needs to be disconnected before it checks again and sees that the domain cannot be verified?

Thank you so much for responding!!

Aaron Geister
Contributor
June 24, 2020

I thought it would be instant, as the domain verification has to happen right away. Have you reached out to support?

I know when your SAML is set up you need to have correct admin settings and group set with correct users.

Did you have more users set up along with you?

What SSO were you using? You might have to shut the SSO connection off also to get back in and connect the domain.

If you need more assistance please reach out. ageister@project-icon.com 

Otherwise support might be able to help also. 

Jennifer_Saylor June 25, 2020

I was setting up a SAML connection with Okta. I must have had an incorrect setting, but because I locked myself out when I made the SAML connection, I couldn't go back in and double-check my configuration. I do remember the error saying something was wrong with the redirect URL.

I contacted support first. I sent screenshots of the error when I tried to verify the domain. They told me to reach out to the community and closed the ticket. This is the error I get when I try to verify the domain: "Someone already verified this domain under another organization." That domain was verified on an account I was locked out of, so I had it deleted. I did receive an email from Atlassian stating that they cannot verify my domain, since I removed the TXT record from the DNS. Hopefully after another 10 or so days I can try again? In the email it said something about not being able to add users after 14 days?

Aaron Geister
Contributor
June 25, 2020

There is a 14-day grace period to add and delete when you have an issue like this; from what I know, Atlassian support can push those grace periods, though. I would wait. The other thing you could do is have support delete your current trial and start a new one due to the issue. It might be faster than waiting 14 days.

What I would do is get your instance set up, make sure there is an admin group so you can always get into your instance, and double-check your SAML settings before closing your instance.

Jennifer_Saylor June 25, 2020

Yeah, for sure, this has been a very painful and time-consuming lesson. I will from now on always create a non-domain admin account; O365 requires that by default for this exact reason. I knew better.

Support basically is done with me. I have a free trial, so I have been sent out to the community. So I will wait it out, and if in 14 days from when I deleted the DNS entry I still can't get in, I will just not SAML SSO to Jira. I would like to prove it out and figure out what setting I had wrong so I can help others in the future, but at this point I guess I am in a holding pattern.

Aaron Geister
Contributor
June 25, 2020

You could try and delete that instance, or ask them to, and set up a new instance and connect to the domain. SAML can be confusing. I never was unable to use an SSO before or have domain connection issues. If you need, reach out; I might be able to help more. I never had an issue with support not being willing to help either, but maybe it's because of the free trial.

Did you try registering a new instance? I would do that and then put in a support request to delete the other. I am sure they can do more than what you have said. Disconnect your SSO from the Okta side. I thought Okta was one of the preferred SSOs also. I use JUMPCLOUD. Are you doing this for a business test? Really, reach out; sometimes it's easier to see what you're working with. Jira is a lot to learn even on the cloud side. Best of luck.
