The Atlassian Cloud Identity Platform has recently undergone significant changes to enable users to seamlessly move across Atlassian Cloud products (specifically Jira, Confluence, Bitbucket, and Stride). As a result, Site Administrators will experience changes in the level of control they have over cloud users. We understand these changes can be difficult, below I'll provide additional details to help you through this transition. Our ultimate goal is to make it easier for users to move between systems and collaborate together.
The following is now true for all cloud sites and users:
- Cloud users own their own accounts
- Cloud Atlassian accounts are global, allowing users access to all Atlassian Cloud products including Bitbucket, Stride, Jira, and Confluence
- User account information (including full name and avatar) should now be global and consistent on all cloud sites and products, ensuring any changes to user account information will be reflected in all sites and products that users can access
For the reasons stated above, we’re implementing changes to what Site Administrators can and can’t do:
- Site Administrators can invite any user to contribute to their site or revoke user access to their content
- Invited users who do not already have an Atlassian account are prompted to create their account
- Site Administrators can no longer create, manage, or edit accounts
To support customers with specific security requirements you can now claim an email domain and manage all the accounts with an email address belonging to that domain. Claiming an email domain creates an Organization (available in the upcoming Identity Manager release) comprising all accounts who belong to that claimed domain.
Organization administrators can:
- Change a managed account's full name
- Change a managed account's avatar
- Update a managed account's email address
- Enforce a password policy on managed accounts
- Apply a SAML login policy to all managed accounts across cloud sites and products
- Delete a managed account
An organization administrator can't:
- control a managed user's access to a site or product — that is done by the owner / site administrator of each individual site
If you need the ability to manage your organization's user accounts, we encourage you to verify your domain and set up an Organization within the Atlassian Cloud identity platform. As an organization administrator, you’ll have the ability to manage all user accounts within your organization and any changes you make will apply across all Atlassian Cloud sites and products.
If you have users accessing your cloud content from other organizations, you should encourage those organizations to claim and manage their staff's accounts to apply any policies they feel are important to them. You can manage any accounts' access to your content if you're still concerned about the policy applying to those accounts.
Feature requests we're considering that relate to this change (please vote and watch those that are relevant to you):
ID-6448 - Show the name of an accounts' organisation next to the account name in Site Admin
ID-6447 - Show the type of authentication enabled on an Atlassian account within Site Admin
ID-6443 - Allow site admin to suggest profile field changes on a Personal Atlassian account
ID-6237 - Allow admin of managed account to change users avatar
ID-6457 - Allow a site-specific name for an account