Setting up Atlassian Access with User Provisioning
Welcome to our the first in our series of blog posts regarding Atlassian Access. As Atlassian support Atlassian Server product ends in 2024, many organisations are moving to Atlassian Cloud...
Welcome to our the first in our series of blog posts regarding Atlassian Access.
As Atlassian support Atlassian Server product ends in 2024, many organisations are moving to Atlassian Cloud and are using, or considering, Atlassian Access.
The first steps
This blog post focuses on Benefits of Atlassian Access, steps for Domain Verification and Claiming Accounts.
We worked with an organisation that thought there might be around twenty staff with Atlassian accounts. There were close to 600. These users were using just a username and password to verify their accounts. Our client wanted people to use Multi-Factor Authentication, which we enabled.
The benefits of Atlassian access
Atlassian Access is an organisation-wide subscription that connects your Atlassian cloud products to your identity provider, enabling identity and access management features for your domains.
Four Key Access Features:
- Connect to your SAML SSO Provider
- Automate User Provisioning
- Enforce two-step verification
- Organisation wide audit logs
As Atlassian Access is organisation wide, it applies to when users in your domain are using your Atlassian instances (eg. Jira/Trello/Confluence/etc) and when they are using other instances (eg. collaborating in a supplier or customer’s Atlassian instance). Through automatic product discovery, when new instances of Atlassian products are created, administrators receive notification.
Domain Verification
The first step for an organisation is to verify their Domain with Atlassian.
What is a domain? A domain is the address of your website (eg. or use the email address after the @ symbol. You can have one or more domains
Domain verification can be done in three ways:
- Domain Name Service (DNS) — add TXT Record
- HTTPS — upload a file to the root of your website
- G Suite — connect your G Suite account
Most organisations we work with verify by DNS entry, so the post will walk through that process.
Verify by DNS Entry
Obtain the DNS Record details:
- Navigate to your organisation at admin.atlassian.com and select DIRECTORY > DOMAINS — this is your DIRECTORY DOMAINS PAGE
- From the DNS tab, copy the TXT record to your clipboard
Add the TXT Entry to your DNS
Go to your DNS host and find the settings page for adding a new record or raise a ticket with your IT Help desk if they manage your DNS Host to perform the following steps:
STEP 1
Select the option for adding a new record and paste the txt record to the Value field (may be named Answer or Description or something equivalent). Your DNS record may have the following fields:
- Record type: Enter ‘TXT’
- Name/Host/Alias: Leave as default (@ or blank)
- Time to live (TTL): Enter ‘86400’ or a value more suitable to your organisations standards
STEP 2
Save the record.
Verify the Domain
- Return to the Directory Domains page
- Select Verify domain
- Keep your TXT Record as the method, enter the domain you want to verify in the Domain field, and click Verify domain
Depending on your DNS host, it may take up to 72 hours for your domain to verify and DNS changes to take effect. The domain you tried to verify will be listed in the Domains table, it will have an UNVERIFIED status.
Once the domain has been verified the Domains table will be be updated with a status of VERIFIED.
Claim accounts
After verification of your domain the Atlassian accounts of anyone using a verified domain can be claimed and then becoming Managed Accounts.
Export accounts
To export and view details of the accounts (email address, last logged in, products used, etc):
- On the Directory Domain Page, in Domains table, click Claim accounts
- From the Claim accounts screen that opens, you’ll see the number of accounts with your domain
Select Export accounts to download a CSV file with details on the accounts.
Select Claim accounts to complete the domain verification process and claim those accounts for your organization [sic].
Further reading
If you are looking for read more information, than we recommend you to visit following support pages from Atlassian:
More information
If you would like more information about this post, please contact us.
Thank you!
