Uploaded image for project: 'Identity'
  1. Identity
  2. ID-6802

Ability to restrict Atlassian account creation for claimed domain

XMLWordPrintable

    • 129

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem definition

      Currently any user with a valid email address is able to signup for an Atlassian account and verify it.

      As the owner of domain and new accounts, organization admins should have the power to restrict account creation under claimed domain.

      Suggested resolution

      Implement the ability for organization admins to restrict account creation under the claimed domains.

      Workaround

      Suggestion: here's a semi-scalable approach available for organization admins:

      1. Create accounts in advance, such as via user provisioning
      2. Deactivate target accounts NOT to make them considered unique billable users

      Alternatively, you can enable just-in-time provisioning with SAML for your domain(s) to ensure that only users assigned to the Atlassian Cloud app in your identity provider can sign up for an Atlassian account:

      1. For each verified domain that you'd like to restrict signup for, link the domain to an identity provider directory in Atlassian.
      2. Ensure that the account claim setting for the domain is set to Claim new accounts automatically.
      3. Ensure that the default authentication policy for the identity provider directory to which the domain is linked has SAML SSO enforced.

              njain@atlassian.com Nehal Jain (Inactive)
              grahimi Yahya (Inactive)
              Votes:
              204 Vote for this issue
              Watchers:
              160 Start watching this issue

                Created:
                Updated: