Set up your Atlassian Government organization

Follow these steps when you first get access to an Atlassian Government Cloud environment. When your products are ready, we send you an email with a link to log in to the Atlassian Administration at admin.atlassian-us-gov-mod.net.

These tasks include customer responsibilities influenced by the requirements of FedRAMP Moderate.

Before setup

Before starting with the configuration tasks on this page, we recommend that you review the documentation and make sure that your team members are the only users with access.

1. Familiarize yourself with Atlassian Administration

Go to Atlassian Administration at admin.atlassian-us-gov-mod.net. Before continuing setup, you may want to click around and also checkout our documentation about the Atlassian administration and Atlassian organizations.

2. Remove the Atlassian user from your organization

The Atlassian contact who set up your organization may still be listed as a user on your organization. Check whether that is the case and remove the user if so. To remove the user from your organization, select Directory > Users. Select the user’s name to open their user details. From the icon in the top right, select Remove user.

Set up users and their access

This involves not only making sure that users have access to the right products but also making sure that they log in securely. Secure login means that their account won’t be compromised.

1. Configure user provisioning

Your identity provider is already connected, so you’re ready to configure user provisioning. When you’re done, users and groups sync to your Atlassian Government organization.

Whenever you need to update a user’s account, make changes from your identity provider so that updates sync to their Atlassian account.

2. Grant organization admin permissions

Organization admins have access to all organization settings on Atlassian Administration and can complete configuration tasks. Only make someone an organization admin if they need those permissions.

In addition to organization admin role, you can grant other admin roles as well.

3. Update idle session duration to 24 hours

A session is idle when users don't interact with the product for a period of time. You set idle session duration from an authentication policy. An authentication policy is where you apply login settings for your managed accounts. For each authentication policy, update the idle session duration to 24 hours.

This step is a customer responsibility.

3. Update external user settings

An external user is a user whose account isn’t claimed under one of your domains. You can control how external users access your products from an external user policy. From the policy, require that external users log in with single sign-on and block external from using API tokens. We recommend that you add a test policy so that you can test external user settings before rolling them out.

This step is a customer responsibility.

4. Require access from your organization’s IP addresses

An IP allowlist outlines the IP addresses that are required for users to access specific Atlassian products. Define an allowlist with your organization’s IP addresses.

This step is a customer responsibility.

5. Grant users access to products

To grant users access to products, use the groups that sync from your identity provider. To give users in a group product access, locate the product from the Products page, and select Manage Product. From the product details page, select Add groups. Search and select the group you want to add, choose a product role, then select Add.

To add or remove users from groups, update their group membership from your identity provider. Make sure to only grant access to authorized staff.

This step is a customer responsibility.

Apply security settings for Jira Service Management

Jira Service Management needs a few additional security settings that the rest of our products don’t.

1. Configure SAML single sign-on for portal-only customers

A portal is the customer-facing website of every service project that you create with Jira Service Management. The portal is where your customers can log in to see help resources and make requests. Customers can log into the portal with either an Atlassian account or a portal-only account. You determine which accounts are right for your customers.

If you determine that you want your customers to have portal-only accounts, configure SAML single sign-on so that they will log in through your identity provider. To do this, choose your identity provider and configure SAML.

This step is a customer responsibility.

2. Set email as the default alert notification method

Jira Service Management users receive alert notifications when they’re added as responders to an incident. By default, they can choose to be notified of alerts through email, SMS, and voice calls. However, the SMS and voice call options can share data with third-party services that are outside your Atlassian Government environment. To avoid this, we recommend that you set up a role-based notification with Email as the default notification method.

This step is a customer responsibility.

Set up individual products

Now that you’ve completed these steps, you can set up individual products. Check out the admin documentation for Jira, Jira Service Management, and Confluence.