Make Atlassian's global account model work for you

Atlassian has a global account model that makes it easy for people to access products, community resources, and support in the Atlassian ecosystem. It also allows people to log in with one account to multiple products like they can with a Google or Apple account.

The global account model allows an organization admin to administer security and provision users to products in an Atlassian organization.

 

Atlassian global account model

 

What is an Atlassian account?

An Atlassian account is a unique digital identity that a person uses to access and authenticate into the Atlassian ecosystem of products and services. The account includes attributes like email address and display name.

What can a user do with an Atlassian account?

An Atlassian account exists independently of the Atlassian products a person has access to. An Atlassian account allows a user access to multiple organizations, products, and services with one set of credentials. The user’s profile settings appear consistently across all Atlassian organizations, products, and services. Learn more about Atlassian accounts

 

Switch between Atlassian products

How does an account at Atlassian differ in the Data Center versus in the cloud?

With Data Center, you manage your own infrastructure, and user accounts are local. With the Atlassian cloud, we manage your infrastructure, and user accounts are global.

Local model in Data Center

Global model in the cloud

You create the different accounts for each product. Users are able to log in to each product individually. Or you can enable single sign-on so they can log in from one place.

You give access to one global Atlassian account across multiple organizations and products. Users are able log in to multiple organizations and products with the same Atlassian account.

Account differences in Cloud vs Data center

What are Atlassian’s identity types?

An identity type gives you different security and user management controls.

Available identity types at Atlassian

There are several identity types in the Atlassian ecosystem. These are the types of identities at Atlassian that you may encounter as an organization admin.

 

Types of identities at Atlassian

Identity type

Description

Managed accounts

These are Atlassian accounts.
This account type typically includes employees that have an email address with a domain you verify.

External users

These are Atlassian accounts.
This account type typically includes users that don’t have an email address with a company domain but that still need to collaborate with employees within your company.

 

Portal-only customers
(Jira Service Management only)

These accounts are not Atlassian accounts. They only apply to Jira Service Management and not other Atlassian products.

This account type is for people outside your company who seek help related to the use of your company’s products or services.

Learn more about how to administer portal-only customers

 

More about external users and managed accounts

The difference between a managed account and external user is based on whether you claim the account after verifying the domain. The table shows examples of accounts that you may or may not have verified and claimed and whether they would be external or managed.

 

User type

From the domain verified by Acme?

Is the account claimed?

Account type

User with a personal email address: personal@gmail.com

No

No

External user

User with a company email address: unclaimed@acme.com

Yes

No

External user

User with a company email address: claimed@acme.com

Yes

Yes

Managed account

An Atlassian account has these identity types in the context of an organization. This means that someone can be an external user to one organization and a managed account to another organization, as shown in the illustration.

Managed in Org A and External in Org B

Control security and manage users for identity types

As an organization admin, you need to control the profiles and the security settings that you manage. A user’s identity type impacts its security and user management controls. Refer to the table to understand what’s available for each identity type.

Available security and user management controls

 

Managed accounts

External users

Customer (portal-only) accounts

How you as an organization admin manage account details and security settings

You prove your company owns the domain so you can change account details and enforce security settings.

Verify domain

You can’t change account details but you can enforce external user security.

You can’t change account details but you can enforce security settings.

 

How you can require users to authenticate

Apply authentication policy with security settings: single sign on, multi-factor authentication, third party log-in, or password.
Set up authentication policies

Control external user access to product data in your organization. Apply external user security settings.

Turn on external user security

Apply authentication policy with security settings: single sign on and password.


How you provision users

Set up your identity provider to sync users and groups. You can manage them from your external directory before syncing updates.

This means any accounts that you create, deactivate or update from your identity provider get updated in your organization.

Provision users

Set up your identity provider to sync users and groups. You can manage them from your external directory before syncing updates.

Learn about supported operations

 

Users can sign up for portal-only accounts or agents can create them.

 

 

 

Invite customers




 

Still need help?

The Atlassian Community is here for you.