ID-6802: Ability to restrict Atlassian account creation for claimed domain


      Problem definition

      Currently, any user with a valid email address is able to sign up for an Atlassian account and verify it.

      As the owner of the domain and of the new accounts created under it, organization admins should have the power to restrict account creation under a claimed domain.

      Suggested resolution

      Implement the ability for organization admins to restrict account creation under the claimed domains.

      Workaround

      Suggestion: here's a semi-scalable approach available to organization admins:

      1. Create accounts in advance, for example via user provisioning
      2. Deactivate the target accounts so that they are not counted as unique billable users

      Alternatively, you can enable just-in-time provisioning with SAML for your domain(s) to ensure that only users assigned to the Atlassian Cloud app in your identity provider can sign up for an Atlassian account:

      1. For each verified domain that you'd like to restrict signup for, link the domain to an identity provider directory in Atlassian.
      2. Ensure that the account claim setting for the domain is set to Claim new accounts automatically.
      3. Ensure that the default authentication policy for the identity provider directory to which the domain is linked has SAML SSO enforced.
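As an added example (not Atlassian's code and not part of this issue), the reconciliation check an admin would run to support the first workaround: given an export of the organization's managed accounts and the roster of users assigned to the Atlassian app in the identity provider, it lists active accounts on claimed domains that were never provisioned and flags the legacy-domain duplicates described in the comments, so they can be deactivated. The export format, the status values and all sample data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample: domains the organization has verified/claimed.
CLAIMED_DOMAINS = {"example.com", "legacy-example.com"}

# Constructed sample: users assigned to the Atlassian Cloud app in the IdP.
IDP_ASSIGNED = {"alice@example.com", "Bob@example.com"}

# Constructed sample of a managed-account export as (email, status) pairs.
MANAGED_ACCOUNTS = [
    ("alice@example.com", "active"),             # provisioned, nothing to do
    ("bob@legacy-example.com", "active"),        # self-signup on a legacy domain
    ("Carol@Example.com", "active"),             # self-signup, never provisioned
    ("dave@legacy-example.com", "deactivated"),  # already deactivated
    ("eve@contractor.example", "active"),        # unclaimed domain, out of scope
]


@dataclass
class Finding:
    email: str
    reason: str


def normalize(email: str) -> str:
    """Lower-case and trim so that case variants of one address compare equal."""
    return email.strip().lower()


def audit(managed, idp_assigned, claimed_domains):
    """List active accounts on claimed domains that the IdP did not provision.

    A local part that matches a provisioned user on another claimed domain is
    reported as a duplicate; anything else is 'not provisioned'. Both are
    candidates for deactivation (workaround step 2).
    """
    idp = {normalize(e) for e in idp_assigned}
    by_local = {e.split("@", 1)[0]: e for e in idp}
    findings = []
    for email, status in managed:
        e = normalize(email)
        local, dom = e.rsplit("@", 1)
        if status != "active" or dom not in claimed_domains or e in idp:
            continue
        if local in by_local:
            findings.append(Finding(e, f"duplicate of {by_local[local]}"))
        else:
            findings.append(Finding(e, "not provisioned"))
    return sorted(findings, key=lambda f: f.email)
```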

            Nils Karlström added a comment - This should be fixed. We have a problem where we can't delete our accounts because they are re-created by another organisation.

            Salim Richa added a comment - Voted on this to have resolution

            Mark Goldsmith added a comment - Can't believe this request has been open for 5 years and still isn't implemented. Atlassian can hardly call itself a company with security in mind if this simple and much-requested feature still doesn't exist.

            Remo Pistor added a comment - This is more than just an inconvenience, this is a major security issue. We had a bad actor gain access to one of our user's email, then used the email to log in to Atlassian and create a Confluence site. They then proceeded to create a page with a fake invoice and emailed the link to multiple people. This could have been prevented had the account not been allowed to be created in the first place.

            Andrey Primorskiy added a comment - Happy to upvote it as well. It's quite critical for big companies. Please consider delivering this important functionality as soon as possible.

            Kirsten.Rhodes added a comment - Adding a comment to say that I agree with the previous comments, and I believe there should be more awareness of this issue and prioritization from Atlassian to address it. Hopefully a new comment will bring this issue higher in the Atlassian backlog. Thanks!

            Charles added a comment -

            Same issue here: we use multiple email domains, as the company grew through mergers. We do SSO on the main active domain, but some users still create accounts with a legacy domain. We do manage all these domains, but it is very time consuming to disable those accounts when they arise. As the email is valid, we must reach out to these users before disabling it, as the Atlassian automated email generates confusion. Those users do not realize they have duplicate accounts and are always worried about losing some of their accesses. We did communicate a lot, but some users keep their old habits. The problem is even worse if the default policy is to enforce SSO, as it generates a not so user-friendly error: it cannot find a matching account in the IdP because they are opening an account under a valid alias, not the email attribute....

            It is a must to prevent users from self-creating accounts for some verified domains regardless of the context. Very time consuming for admins.

            Mark Benson added a comment - - edited

            +1 It is a little bit crazy that these controls don't already exist.

            We operate from a single central set of company Confluence and Jira products.
            Regular users being able to create their own sites that could theoretically tie back to the company without any governance from the IT dept is a big risk for data security and company reputation etc.

            Darrin Brooks added a comment - Would like to see this. We have a number of users who have ended up with a 'duplicate' account due to multiple email domains in use within our organisation. Both are claimed and we only use one for SSO, but people keep signing up with the other (and using up Atlassian Access licenses in the process).

            Sergio Padure added a comment - Agreed with the other users: the fact that users can create an account using a managed domain, and even create a new organization entirely, is a big security issue and can lead to Shadow IT, which is definitely undesirable. We would appreciate having the option to block account creation outside of the already configured provisioning process.

              njain@atlassian.com Nehal Jain (Inactive)
              grahimi Yahya (Inactive)
              Votes: 219
              Watchers: 171