Problem definition

Currently any user with a valid email address is able to signup for an Atlassian account and verify it.

As the owner of domain and new accounts, organization admins should have the power to restrict account creation under claimed domain.

Suggested resolution

Implement the ability for organization admins to restrict account creation under the claimed domains.

Workaround

Suggestion: here's a semi-scalable approach available for organization admins:

1. Create accounts in advance, such as via user provisioning
2. Deactivate target accounts NOT to make them considered unique billable users
   • Note: you cannot add the users synced from identity providers to non-billable policy

Alternatively, you can enable just-in-time provisioning with SAML for your domain(s) to ensure that only users assigned to the Atlassian Cloud app in your identity provider can sign up for an Atlassian account:

1. For each verified domain that you'd like to restrict signup for, link the domain to an identity provider directory in Atlassian.
2. Ensure that the account claim setting for the domain is set to Claim new accounts automatically.
3. Ensure that the default authentication policy for the identity provider directory to which the domain is linked has SAML SSO enforced.