configure user provisioning for two atlassian orgs with one Active Directory (one domaine)

Islam Ziane May 27, 2024

Hi all, my company-A has been baught by another company-B that also have jira, where User Provisinong is already configured in it (that automaticaly Provisionned ALL their users first.last@company-B.com & the domain company-B.com is claimed) .. 

Now, the new company-B is asking to confingure User Provisioning for company-A with the same Active Directory & same domaine (company-B.com) .. i am not sure, i think that this is not possible, while we can't claim the same domain in two diffrent Atlassian Orgs. 

Am i wrong ? can we configure user provisioning in this case ? (Without disconnect it from company-B)

1 answer

0 votes
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 27, 2024

Hi Islam,

Claiming a domain does not lock it to any particular Atlassian Cloud instance nor organisation.  You will be able to add your second claimed domain to Atlassian Access and have it provide user accounts to any or all of your Cloud sites.

Islam Ziane May 27, 2024

.

Islam Ziane May 27, 2024

But in my case, i don't want to claim a domain only .. i want to add user privisioning that is already set for another atlassian cloud instance. will this work ? if yes, how ? is it logic that two instances can configure the user privisining with the same Active Directory (sames users, sames domain) ? 
Levio.ca domaine claimed_2024-05-15T16_55_58.782Z.png

 

also for domains, sins last week i wasn't able to add a domain that is added to the other instance, i was getting this message (in the picture), but now itis baypassed, i can add it .. i've made a test but the new org didn't recognise the old users for the new added domain. why and how, i don't know .. but i had an error message that says you can't claim users that are already claimed for another instance. Before, it was showing thiserror before the add of the domain, now it's after i added and try to see if i can claim old account .. i suppose that nothing changed about claiming domains and be able to manage users.
But i am confused.

Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 27, 2024

Again, claiming a domain has no link to any one Atlassian Cloud site.  Claiming a domain just means that you get administrative access over any Atlassian account that has an email address that belongs to the domain.  For example, anyone who is using an email of <something>@adaptavist.com has an Atlassian account that belongs to, and administrated by, Adaptavist.

The error message you are getting is not talking about instances of Atlassian Cloud systems, it is talking about instances of domains.  It is telling you that you can't claim a domain that has already been claimed.

If you want to claim an already claimed domain, then you need to talk to the organisation that has claimed it already.  They will need to either relinquish their ownership (unclaim it) so that you can reclaim it, or, more likely, add you as an admin.

Islam Ziane May 27, 2024

what you're saying make sens, now follow my example : 

i have 2 Atlassian Cloud instances :

Company-A ==> claimed domaine Company-A.com

Company-B ==> claimed domaine Company-B.com

 

15/05/2024 i tried to ADD Company-B.com inside Company-A : i had this error Levio.ca domaine claimed_2024-05-15T16_55_58.782Z.png

 

27/05/2024 i tried to ADD Company-B.com inside Company-A : i had no error, so i used the DNS option, i did all the steps, and now i can see Company-B.com in domains list of Company-A .. so : i tried to claim users of company-B.com it is saying that "it found 0 accounts to claim" like it didn't found the old accounts that are used now in Company-B

 

i don't need to claim them anyway, i juste need to make sur that only one Org can claim accounts, and this is what is realy happening. 

the real question was about configuring User Provisioning in both Company-A & Company-B with same domain, same users .. am i able to do it ? because doing this will automaticaly claim the domain (as it was in the first org Company-B), will it work even if this is already done in the second org Company-A ? 

i don't know if i am clear or not, my english is lilte bit bad so sorry in advanced :)

Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 27, 2024

You were not adding company-B inside company-A, you get that error message when you are trying to claim a domain.

The accounts in each domain are separate entities and will be seen as different users, even if they are used by the same person.  As an example, nic@adaptavist.com and nic@adaptavist.co.uk belong to two different domains, so despite both of them being me, they are two separate accounts.

You can not claim different domains as though they are one domain, but yes, your organisation can claim many domains.

Islam Ziane May 27, 2024

Thank you for the answer, i realy apreciate, but i know this i think that you didn't understand me well .. is it logic that i add domaine B inside A but when i create a new user new@B com inside A i still can't manage it ? So why adding the domaine B inside A is for if i can claim users only from B ? 

 

Can you explain to me why ? 

 

New@B.com didn't existe in B .. i created it After i add Domaine B inside A : yes 1-i can't claim it.. 2-i can manage it from B .. so what's the purpose of adding the Domaine B in A ? 

Also, Last week was logic because i couldn't add Domain B in A, but now i can, why ?

 

My real question is : i have two Orgs, can i add user provisioning in bothe that provision same users in same domain ? (2000 users are already created in B) .. 

Like Nic Brough -Adaptavist- likes this
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 27, 2024

I agree, I think I am misunderstanding the details of the problem you are seeing and explaining. 

This may be down to translations - to my shame, the only language I am fluent in is English (and even that is limited to proper English - I have struggled to understand some American "English" and even English spoken with strong Irish or Corby accents).

The main thing I am stuck on is the idea that you "add A within B" or "B within A".  This is not a thing. 

With the Atlassian accounts, you claim one or many domains, and then you can add accounts in any of the domains, and then grant them access to your Cloud systems.

So when you say "i have two Orgs, can i add user provisioning in both that provision same users in same domain", then the simple answer is "yes".  You can provision as many users as you want in that domain.  

But the thing that might be missing from that answer is that no you can't have duplicate users in other domains - Atlassian's identity systems see accounts in different domains as being different unique identities.  To go back to my older example, I am nic@adaptavist.com and nic@adaptavist.co.uk (two domains), but Atlassian Cloud has no choice but to see those two accounts as being separate accounts.

Like Islam Ziane likes this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events