The difference of a site under and outside Atlassian Access for claimed domains

Normann P_ Nielsen _Netic_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2022

If I have a verified domain in Atlassian Access I will control all users for the domain in  Atlassian Access, right?

 

I now can have sites that are under my Atlassian Access and the can be sites that are not under Atlassian Access where my claimed users reside.

 

What is the main difference of the 2 sites, and what changes if/when I moved the sites not under Atlassian Access into my Atlassian Access...

 

Update : This is a question from a customer as part of a migration/consolidation process, where https://support.atlassian.com/security-and-access-policies/docs/how-to-work-with-admins-of-discovered-products/ states:

 

Do nothing and allow products to remain separate

Depending on your company size or how employees are using the product, you may decide to do nothing about a discovered product. If you chose this option, these products will remain in the Discovered products list, and users will continue managing them separately.

 

To me this seems only partly true, as soon as You verify the domain and claim users, I guess ALL users of that domain in all Atlassian Sites can be controlled, like disabled(?)

So "continue managing them separately" is only partly true...

2 answers

1 vote
Jimmy Seddon
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 4, 2022

Hey @Normann P_ Nielsen _Netic_,

At the most basic answer.  Sites that are not under Atlassian Access do not benefit from the advanced security configurations and cannot be setup for SSO.

However,  I believe that unless your customer is on an Enterprise plan they cannot have more that one site of the same product type exist within a single organization and only one Atlassian organization can claim a domain name.

I hope that helps!

-Jimmy

Normann P_ Nielsen _Netic_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2022

Hi, thats parly a good answer, lets take an example:

 

My user npn@netic.dk in in Atlassian Access (it is)

 

I am also using and granted access to vendor.atlassian.net

 

But my user is still 100% controlled at Atlassian Access level right? Så I my manager enforces SSO or disabled me, this will affect my using of vendor.atlassian.net, right?

Like Jimmy Seddon likes this
Jimmy Seddon
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 4, 2022

@Normann P_ Nielsen _Netic_ yes you are correct! 

Once you have verified a domain in one organization, that organization's Atlassian Access has the ability to control the "has site access" of your account which can affect other sites you may access with your account from their domain.

Normann P_ Nielsen _Netic_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2022

Just to be clear, If I logout of Atlassian completely, and try to access https://metainf.atlassian.net/servicedesk/customer/portal/1/ as npn@netic.dk - I get promped for the:

 

Screenshot 2022-02-04 at 13.52.35.png

 

And this is not META-INF forcing me to SSO, that is my Atlassian Access relationship. And META-INF is not under that one.

0 votes
Dave Mathijs
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 4, 2022

Hi @Normann P_ Nielsen _Netic_ ,

Domain verification is just a way to activate managed accounts.

Managed accounts are a prerequisite for Atlassian Access in order to connect your accounts to an identity provider, enable SSO or 2FA.

So you may have managed accounts (from a specific domain) which are connected to your identity provider (via Atlassian Access) while other accounts (from another domain) are simply Atlassian accounts with separate credentials.

Normann P_ Nielsen _Netic_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2022

I dont think that answered my quistion....

I am aware of what You are writing. 

 

My question is what is the difference on sites that are in Atlassian Access, and sites that are not - or what will happen on a move:

 

Screenshot 2022-02-04 at 10.54.47.png

All netic.dk users are in Atlassian Access - so whats the changes/benefits of this move.

Dave Mathijs
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 4, 2022

The site that is not under Atlassian Access (the bottom one) currently does not have a verified domain, thus the users of that domain are not managed. Once you verify the domain for that site, it can be managed via Atlassian Access.

Jimmy Seddon
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 4, 2022

With the assumption that you aren't trying to verify the same domain for multiple Atlassian organizations, because you can't do that.

Normann P_ Nielsen _Netic_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 4, 2022

The site can have users from many domains...

 

So whats in "thus the users of that domain are not managed. "

 

Because some users in the site are managed partly from an Atlassian Access where the domain is verified and the user claimed, right?

Jimmy Seddon
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 4, 2022

They are managed from the aspect that the Netic A/S organization has control over their overall site access.  And, as a benefit any site within the Netic A/S organization they can use SSO to access those sites (looks like Confluence and Jira/JSM)

For the other site in the unnamed organization that only has Confluence, they won't be able to use SSO and they will never be an option as long as the Atlassian ID they are using is from the Netic A/S verified domain.

I hope that helps clear things up.

-Jimmy

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events