Atlassian Guard Domain Verification: Claim Accounts Safely (Before SSO & SCIM)

Before you can use Atlassian Guard features like SAML SSO, SCIM provisioning, or security policies, you need to do one thing first: Verify your domain. In this episode, Marvin (Technical Support Engineer, DevOps at re:solution GmbH) shows you how domain verification works, what account claiming really means, and how to do it without surprising users, or accidentally locking yourself out. What you need before you start • Organization admin access (not just project admin or Guard admin) • Atlassian Guard Standard (or a trial) • Ability to verify the domain via: • DNS access (recommended), or • HTTPS file upload to your web server • A simple communication plan for users (important before enabling SSO policies) Why domain verification matters Verifying your email domain proves you own it. Once verified, Atlassian accounts on that domain can become managed accounts in your organization, meaning IT can apply consistent security and lifecycle control. This unlocks: • SSO enforcement • MFA/security policies • SCIM provisioning for onboarding/offboarding • Clean deactivation when someone leaves Think of this as Step 0: foundation first. Demo walkthrough (DNS method) 1. Go to admin.atlassian.com → select your org 2. Navigate to Directory → Domains 3. Add your domain (e.g., example.com) 4. Copy the TXT record Atlassian generates 5. Add it to your DNS provider (Cloudflare / GoDaddy / Route 53 / etc.) 6. Wait for propagation, then confirm the domain shows as Verified If it doesn’t verify: • you may be editing DNS in the wrong place • the hostname/value may be incorrect • propagation may still be in progress DNS vs HTTPS verification (quick note) • DNS (TXT record) is usually the simplest and doesn’t require a web server • HTTPS file verification works too (upload an HTML file so Atlassian can fetch it) (Additional episodes can cover these alternatives in more detail.) What happens next: account claiming (managed vs unmanaged) After verification: • Managed accounts → controlled by your organization (policies, security, deactivation) • Unmanaged accounts → controlled by the user You can check user status in the directory to see which accounts are managed. Communication tip (reduces support tickets) Domain verification alone usually doesn’t break anything immediately, but once you enforce SSO/security policies, users will notice. Send a short heads-up like: “Soon you’ll sign in via our identity provider. If you have issues, contact IT.” Recap 1. Confirm you’re an org admin and Guard Standard/trial is active 2. Verify your domain (recommend DNS) 3. Understand managed accounts and communicate changes Next episode: SSO configuration (the most requested Guard feature) #AtlassianGuard #Atlassian #AtlassianCloud #CloudSecurity #SSO #SCIM #ManagedAccounts #IAM #JiraAdmin #ConfluenceAdmin