robotsnoindex

We’re currently rolling out changes that affect the content on this page. From your organization at admin.atlassian.com, if the Users list and Groups list are under the Directory tab, you have the improved user management experience. We’ll note changes for the improved experience in the content below.



When you claim accounts, we let users know with the domain that your organization manages their account when they go to their profile.

Verify your company’s domain to prove that you own all user accounts with that domain. Your company’s domain is everything that comes after the @ symbol in the email addresses of your users’ accounts. For example, Atlassian owns the domain atlassian.com.

When you verify a domain for your organization, you do two things: 1) verify ownership of your company’s domain and 2) claim users' accounts with that domain. Verifying a domain gives you two benefits:

  • More control over the Atlassian accounts on your company’s domain – those accounts become managed accounts, which means you can edit, delete, or deactivate their accounts.

  • The ability to apply security policies to your managed accounts – you may want to require log in with two-step verification or set up SAML single sign-on so that policies from your identity provider apply to all Atlassian accounts. You can do both by subscribing to Atlassian Access.

Learn more about verifying a domain in this video

Verified domains in your organization

Imagine your company is called Acme Inc., and it owns the acme.com and acme.co.uk domains. After you verify both domains and claim their accounts, you can go to the Managed accounts page of your Atlassian organization and edit user details. 

With a subscription to Atlassian Access, you can apply security policies to the managed accounts of your users.

You can still give product access to users with a different domain, such as sarah@vendor.com. Since these users aren't managed accounts, you won't be able to apply your security policies to them. 

When you claim accounts, more users than you expect may have accounts with your company’s domain. You may see accounts in your organization for users that don't use your company’s Atlassian products.

Verify ownership of your domain

You can verify ownership of your company’s domain (or multiple domains) in two ways:

  • HTTPS—Upload an HTML file to the root folder of your domain's website.

  • DNS TXT—Copy a TXT record to your domain name system (DNS).

Verify over HTTPS

To host the HTML file, HTTPS is mandatory and needs a valid SSL certificate from a certificate authority (self-signed certificates won't work). You can only verify domains with one redirection to a www domain. For example, if your domain is example.com, domains can be successfully verified for https://example.com/ or https://www.example.com/ but not to any other redirections.

After verification is successful, we periodically check the verification file for security purposes. If the file is ever deleted from your domain, we won't be able to tell that you still own your domain, and your domain will lose its verification status and any security policies for that domain, including SAML single sign-on, won't be effective.

To verify your domain over HTTPS:

  1. From your organization at admin.atlassian.com, click Directory > Domains.

    Note this different way to find Domains if you have the improved user management experience: from your organization at admin.atlassian.com, select Settings > Domains.

  2. From the HTTPS tab, download the atlassian-domain-verification.html file.

  3. Upload the HTML file to the root directory of your domain's webserver.

  4. Return to the Domains page of your Atlassian administration and click Verify domain.

  5. Keep your HTTPS as the method, enter the domain you want to verify in the Domain field, and click Verify domain.

If we can find the HTML file on your webserver, your domain is verified and the Claim accounts screen opens. The next section covers what to do when you land on the Claim accounts screen.

Verify over DNS

After verification is successful, we'll periodically check your DNS host for the txt record. If someone deletes or updates the txt record with incorrect information, we'll send you an email letting you know that you have a certain amount of time to update the txt record. If you don't, your domain will lose its verification status and any security policies for that domain, including SAML single sign-on, won't be effective.

To verify your domain using DNS:

  1. From your organization at admin.atlassian.com, click Directory > Domains.

    Note this different way to find Domains if you have the improved user management experience: from your organization at admin.atlassian.com, select Settings > Domains.

  2. From the DNS tab, copy the txt record to your clipboard.

  3. Go to your DNS host and find the settings page for adding a new record.

  4. Select the option for adding a new record and paste the txt record to the Value field (may be named Answer or Description).

  5. Your DNS record may have the following fields:

    • Record type: Enter 'TXT'

    • Name/Host/Alias: Leave the default (@ or blank)

    • Time to live (TTL): Enter '86400'

  6. Save the record.

  7. Return to the Domains page of your Atlassian administration and click Verify domain.

  8. Keep your TXT Record as the method, enter the domain you want to verify in the Domain field, and click Verify domain.

Depending on your DNS host, it may take up to 72 hours for your domain to verify and DNS changes to take effect, which is why the domain in the Domains table will have an UNVERIFIED status. After 72 hours pass, click Verify domain next to the domain you want to verify and from the dialog that appears.

Once you have verified your domain, your domain will be in a verified state but you will not have claimed your user accounts. The next section covers what to do when you land on the Claim accounts screen.


You can't verify with a file upload for HTTPS

For enhanced security, the domain verification process makes HTTPS mandatory for hosting the HTML file. Your domains need to have a valid SSL certificate from a certificate authority (self-signed certificates won't work).

Only one redirection to a www domain prefix is allowed. For example, you can only successfully verify domains on https://example.com/ and/or https://www.example.com/. You can't verify domains that redirect to a second domain.

What is account claim for a domain?

As part of the domain verification process, you need to claim all the accounts on your domain. Because anyone on your domain can create an Atlassian account, more users than you expect may have an Atlassian account with your domain. If you want to view all the accounts on your domain, you can export and preview a list of users whose accounts you’ll be claiming.

You can only claim accounts for a domain that’s verified. From the table at the bottom of the Domains page, you’ll see a VERIFIED status next to the domain. If you see an UNVERIFIED status, you need to verify your domain again (after 72 hours if you’re using DNS).

Claim accounts for a domain

To export and claim accounts:

  1. From your domain in the Domains table, click Claim accounts.

  2. From the Claim accounts screen that opens, you’ll see the number of accounts with your domain. Click Export accounts for a list of email addresses for individual accounts on your domain and their product access.

  3. Click Claim accounts to complete the domain verification process and claim those accounts for your organization.

When you claim accounts, we let users know that your organization manages their accounts when they go to their profile.

The Manage accounts screen confirms that you claimed all accounts successfully. When you click View managed accounts, you see a list of all your claimed accounts on the Managed accounts screen. Come back to this screen to edit, delete, or deactivate an individual account.

At this point, your users will receive a message on their Profile and visibility page telling them about the change and how it impacts them:

If you don’t claim accounts, your domain will still be verified, but you won’t be able to edit, deactivate, delete accounts or enforce a security policy on those users.

You may want to move a domain from an existing to a new organization. In this case, you’ll need to schedule downtime. When you move a domain, we don’t apply Atlassian Access security features for the same accounts in the existing organization.

Change your domain name

You may want to change your name if you need to change the address of your company website and the emails associated with its domain. Here are some of the common reasons you may want to change your domain:

  • Your company acquired another company

  • Your company is rebranding

  • Your company was sold to another company

A few factors determine the path you take when you change your domain name and email addresses:

  • How you provision users to Atlassian: with an identity provider using System for Cross-Domain Identity Management (SCIM) or by inviting users manually

  • How users log in with SAML single sign-on

  • Whether you want a domain change for the same, new, or a different Atlassian organization

When you change your domain name, you’re also changing the domain name in your user’s email addresses, for example, abc@domain.com to abc@newdomain.com. Changing the domain in your existing Atlassian accounts allows you to keep the same account history.


Follow procedures to change domain successfully
For a smooth transition, follow the instructions based on the setup that applies to you. This way, you’ll avoid:

  • Losing access to your admin controls in admin.atlassian.com

  • Users losing access to historical data from their “old” domain and account

  • Users being unable to log in with SAML single sign-on

  • Users waiting 14 days to access accounts for the new domain name

Procedures for changing and moving domains

Depending on how you manage your users dictates the process you’ll follow. You have two paths to choose from. Select the one that works for how you provision users:

  1. Manually invite users to Atlassian

  2. Automatically provision users to Atlassian through SCIM

Change or move a domain when you manually invite users

To change domain names and email accounts, you need to verify your old and new domains and claim their accounts in the same Atlassian organization.

To change a domain name:

  1. Go to admin.atlassian.com and select Directory > Domains.

  2. Verify your new domain and claim its email accounts.

  3. Make sure your old domain is still verified and claim its email accounts.

  4. To manually change the old email to the new email.

    1. Go to Directory> Managed accounts.

    2. Select the user and change to a new email.

  5. To automate the domain name change in your emails.

    1. Use REST API set email.

Move a domain and its email accounts to a new organization

You may want to move a domain from an existing to a new organization. In this case, you’ll need to schedule downtime. When you move a domain, we don’t apply Atlassian Access security features for the same accounts in the existing organization.

To move a domain to a new organization:

  1. Go to admin.atlassian.com and select Directory > Domains.
  2. Remove the new domain from your existing organization.

  3. In the new organization, verify the new domain and claim its email accounts.

Change or move a domain when you provision users with SCIM

To change domain names and email accounts, you need to verify your old and new domains and claim their accounts in the same Atlassian organization.

To change a domain name:

  1. Go to admin.atlassian.com and select Directory > Domains

  2. Verify the new domain that your email accounts will be moved to.

  3. Check that you’ve verified the old domain and claimed its email accounts.

  4. Make sure the old email accounts are in your identity provider.

  5. Sync old accounts from your identity provider to Atlassian.

  6. After you sync, change emails in your identity provider to the new domain to keep the history of the old accounts.

Move a domain and its email accounts to a new organization

You may want to move a domain from an existing to a new organization. In this case, you’ll need to schedule downtime. When you move a domain, we don’t apply Atlassian Access security features for the same accounts in the existing organization.

To move a domain:

  1. Go to your organization at admin.atlassian.com and select Directory > Domains.

  2. Remove the new domain from your existing organization.

  3. In the new organization, verify and claim accounts for the domain you want to move.

  4. Make sure all the email accounts for your new domain are in your identity provider.

  5. Connect your identity provider to your new organization.

  6. Sync the email accounts from your identity provider to Atlassian.


Move domains with SAML SSO

For users to log in with SAML, you’ll need to do an additional step to enable SAML SSO on the new domain in the new organization. We recommend you contact Atlassian support to remove the SAML identity of all the users on the old domain.

Maintain your verified domain

This section discusses issues that may arise when verifying a domain.

You have multiple domains or subdomains

You can verify multiple domains and subdomains under a single organization. All you need to do is to repeat the steps on this page with each domain that want to claim. Because we don’t automatically verify sub domains, such as us.acme.com and eu.acme.com, you need to manually verify each subdomain as well.

Another organization already verified the domain

If someone else has already verified the domain, we’ll display a warning message letting you know. In this situation, someone at your company might have verified the domain under another organization. We recommend that you find an admin of that organization and ask them to remove the domain from its list of verified domains. If you aren't sure who to ask, contact support.

A CMS manages your website

You may not be able to directly add a file to your website's root folder. As a workaround, you can copy the verification token from the downloaded file and publish it to an existing page that's less than 256kB in the same location (https://example.com/atlassian-domain-verification.html). This way should successfully verify your domain.

You're using G Suite

Your users authenticate with Google. Because you verify your domain as part of your integration with Google, you can't verify your domain from your site. If you want to verify your domain, you'll need to disconnect the G Suite integration.

If your users for another domain aren't connected through G Suite, you can still verify that domain and subscribe to Atlassian Access security policies for that domain.

You want to verify a domain that you don't own

To protect the privacy and security of Atlassian's users, it's not possible to verify domains that you don't own.

If you'd like to apply Atlassian Access security policies for these users, ask them to change their email address to a domain that you can then verify, or invite them to create Atlassian accounts that use email addresses from the domain.

Remove a verified domain

When you remove a domain from your list of verified domains, the users with that domain are no longer managed and won't appear on your Managed account page.

To remove a verified domain, click Remove next to the domain and verify that you want to remove it. We'll email users with that domain to let them know that their account is no longer managed.