f88495f47be4 I'm not sure if you can. I've used the feature now on domains that I knew were previously claimed by other Orgs (I know who they are and such already as well). But the only real indication that it was claimed by another Org that I recall seeing in the process is that there's a discrepancy between the All accounts column and the Available to claim column. There might have been something in the wizard that said it was already claimed, but didn't register for me because I knew they were already claimed. 

admin.atlassian.com -> Settings -> Domains (can't include a screenshot unfortunately it seems)

How can I tell if a domain has been claimed by another organization? 

Hey 6ffdcfc4150d - users will always have the authentication policy assigned to them by the org that manages their account. In your example above, you're right in that user@org1domain.com will authenticate based on the auth policy that Org 2 has assigned to the user as Org 2 manages the account. Even if the user is accessing a site outside of Org 2, Org 2's auth policy will apply. Other orgs will not be able to apply an auth policy to this user as they do not manage the account. 

External user security is a feature that enables orgs to require an extra step of security at the point of content access (not login).

Hi @Aneita or @Chantelle Liu -

Is there way to address if a same user has access to multiple different Jira sites owned by different orgs/domains. For example, if a user@org1domain.com has access to both org1domain.atlassian.net and org2domain.atlassian.net, who should claim this user. Let's say if org2 claims the org1 domain and this user first (as it is allowed now), Is the user@org1domain.com always authenticated based on Org2's authentication policy (that is assigned to the user) irrespective of Jira sites the user tries to access? 

Hi everyone,

Just a quick update to let you know that this new feature has now been released to all customers.

If you experience any issues or have any new suggestions with this, please raise a new ticket so that we can investigate further.

Thanks,

Chantelle Liu
Atlassian Access Associate Product Manager

Hello everyone,

We’re excited to announce that we’ve begun rolling out a change allowing organization admins to verify the same domain across multiple Atlassian organizations. Each organization can then go on to claim a unique subset of users from the verified domain. If you come from a company with a decentralized structure, this gives you the autonomy and flexibility to manage your organization and accounts without affecting another organization. Feel free to explore this new feature, it should be available to all customers by the end of this week, if not already available to you.

With this change, an Atlassian account can only be managed by a single organization at a time. This means that if an account is already being managed by one organization, it cannot be claimed by another.

Let's illustrate this with an example: Suppose there are two organizations, Acme US and Acme UK, and both share the same domain (acme.com). There are 1000 Atlassian accounts associated with the acme.com domain. After domain verification, Acme US claims 400 of these accounts, leaving Acme UK to claim the remaining 600. If an account, say alice@acme.com, is already managed by Acme US, her account cannot be claimed by Acme UK.

As an admin, you have the ability to view the accounts that are available to be claimed on the domains page. This provides a snapshot of the number of accounts that have not been claimed by any organization and are therefore available. Additionally, you have the option to export a list of all the accounts associated with the domain. This update does not change how people collaborate so you can still invite users to collaborate with your team, even if you do not manage their account.

Thank you again to everyone who participated in our early research and offered feedback.

If you have any feedback or questions about these changes, leave a comment and I’ll be in touch!

Regards,

Chantelle Liu
Atlassian Access Associate Product Manager

Much needed as GA and is there any ETA on this?

Hi @Aneita - 

We are in the process of enabling SSO through Access for all the Atlassian products that we use. 

In addition to the users from our own domain, we also have several users from different domains. These users are either from our customers or vendors who access our own instance of Atlassian products to collaborate with us across several projects we work with them.

All of the users (from our own domain and external domains) are already federated to our identity provider instance. External users use their own domain email address as login to access the products that we offer them.

So, allowing a domain to be verified/claimed by multiple Atlassian instances is a very critical feature for us to continue use Atlassian products efficiently. When will make this feature to be available for us or General Availability to use? 

Hi Aneita,

Will this feature support the same user being claimed in multiple organizations, or must they be exclusively claimed?

Thanks,

James

Hi everyone,

Happy new year! Good news - the ability to verify a domain in multiple orgs, and claim unique users from that domain, is now available in early access!

If your organization is interested in trying this feature in early access, please send me an email at ayang@atlassian.com along with your org ID and the domain that you’d like to verify so that we can evaluate your eligibility.

This feature is expected to be available in early access until the GA release in Q2 2024. You can follow our public roadmap item for updates on the GA release.

Cheers,
Aneita