In Organization, users can claim a domain that has been claimed by G Suite

XMLWordPrintable

    • Severity 2 - Major

      Summary

      In Organization menu, users can verify a domain that has been claimed through G Suite. However, this will break the SSO redirection to Google when logging in, as domain claim is overridden

      Steps to Reproduce

      1. Connect your domain to G Suite, sync G Suite to your cloud instance
      2. Create an organization
      3. Claim the domain in the organization

      Expected Results

      Domain Claim in organization should fail for the domain that has been claimed through G Suite

      Actual Results

      Domain Claim successful, and override the G Suite domain claim

      Notes

      In our documentation, we clearly mentioned that it should not be possible:

      • Domain verification

      • If you're using G Suite

        Your users authenticate with Google. Because you verify your domain as part of your integration with Google, you can't verify your domain from your Atlassian Cloud site. If you want to verify your domain, you'll need to disconnect the G Suite integration.

        If your users for another domain aren't connected through G Suite, you can still verify that domain and set a password policy for those users.

      Workaround

      Don't verify the domain again in Organization

            Assignee:
            Gautam Venkatesh
            Reporter:
            Ezra Alamsyah Rezky Abdullah (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: