Domain verification

Organization administration

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Once you've created an organization in Atlassian Cloud, you can verify ownership of the domains associated with your user's Atlassian accounts.

Verifying a domain allows you to:

  • have control over the Atlassian accounts that access your Atlassian Cloud products (those accounts are now called managed accounts).
  • apply Atlassian Access security policies to your managed Atlassian accounts (Atlassian Access is a subscription service).  


As an example, imagine your company is called Acme Inc. and it owns the acme.com and acme.co.uk domains. Your users have Atlassian accounts with email addresses from those domains, for example jack@acme.com and jill@acme.co.uk.

To manage those Atlassian accounts, you first create an organization

Next, you verify that your company owns those domains, as described on this page. All the Atlassian accounts with email addresses from those domains become managed by your organization.



Now you can subscribe to Atlassian Access to apply security policies across all the managed accounts in your organization. Your users with those accounts will be subject to the policies you've set, no matter which Atlassian Cloud products they log in to.

You can give access to users with Atlassian accounts from domains that you don't own, such as sarah@vendor.com, but those users won't be subject to the Atlassian Access policies you've set.

Learn more about how organizations and Atlassian Access work.


Verify a domain

Verifying a domain allows you to manage the Atlassian accounts with email addresses from those domains, so that they become managed accounts. Before you can verify a domain you'll need to have created an organization.

Once you've verified one or more domains, you'll be able to subscribe to Atlassian Access to apply security policies across all the Atlassian accounts managed by your organization.

A domain name is everything that comes after the @ symbol in the email addresses of your user's accounts. For example, Atlassian has the domain atlassian.com. You can verify ownership of a domain in two ways:

  • HTTPS—Upload an HTML file to the root folder of your domain's website.
  • DNS TXT—Copy a TXT record to your domain name system (DNS).

You can verify more than one domain – just add extra domains using the Verify domain button for each domain you want to verify. 

(warning) Note that once a domain is successfully verified, we'll email Atlassian account holders from the domain to tell them about the change, and to let them know that you're their new account administrator.


Verify a domain over HTTPS

HTTPS is mandatory for hosting the HTML file, and it needs a valid SSL certificate from a certificate authority (self-signed certificates won't work). Only one redirection to a www domain prefix is allowed. For example, if your domain is example.com, domains can only be successfully verified for https://example.com or https://www.example.com. You can't verify domains that redirect to a second domain.

To verify your domain over HTTPS:
  1. Log in to admin.atlassian.com and choose your organization.
  2. Choose Domains and click the HTTPS tab.
  3. Download the atlassian-domain-verification.html file.
  4. Upload the HTML file to the root directory of your domain's webserver.

  5. In your Atlassian administration area click Verify domain.

If we can find the HTML file on your webserver, the status of your domain updates to VERIFIED.

After verification is successful, we'll periodically check for the verification file for security purposes. If the file is ever deleted, we won't be able to tell that you still own your domain, and your domain will lose its verification status. If this happens, any Atlassian Access security policies in place for that domain, including SAML single sign-on, won't be effective.


Verify a domain using DNS

To verify your domain using DNS:
  1. Log in to admin.atlassian.com and choose your organization.
  2. Choose Domains and click the DNS tab.
  3. Copy the txt record to your clipboard.
  4. Go to your DNS host and find the settings page for adding a new record.
  5. Select the option for adding a new record and paste the txt record to the Value field (that may also be named Answer or Description).
  6. Your DNS record may have the following fields:
    • Record type: Enter 'TXT'
    • Name/Host/Alias: Leave the default (@ or blank)
    • Time to live (TTL): Enter '86400'
  7. Save the record.
  8. In your Atlassian administration area click Verify domain.

It may take up to 72 hours to know whether domain verification has succeeded, but usually you'll find out much sooner. Check the Domains page for the verification status.

After verification is successful, we'll periodically check your DNS host for the txt record. If someone deletes or updates the txt record with incorrect information, we'll send you an email letting you know that you have a certain amount of time to update the txt record. If you don't, your domain will lose its verification status. If this happens, any Atlassian Access security policies in place for that domain, including SAML single sign-on, won't be effective.


Domain verification considerations

This section discusses questions that may arise when verifying a domain.

If a CMS manages your website

You may not be able to directly add a file to your website's root folder. As a workaround, you can copy the verification token from the downloaded file and publish it to an existing page that's less than 256kB in the same location (https://example.com/atlassian-domain-verification.html). This way should successfully verify your domain.

If you can't verify with a file upload for HTTPS

For enhanced security, the domain verification process makes HTTPS mandatory for hosting the HTML file. Your domains need to have a valid SSL certificate from a certificate authority (self-signed certificates won't work).

Only one redirection to a www domain prefix is allowed. For example, you can only successfully verify domains on https://example.com/ and/or https://www.example.com/. You can't verify domains that redirect to a second domain.

If you're using G Suite

Your users authenticate with Google. Because you verify your domain as part of your integration with Google, you can't verify your domain from your Atlassian Cloud site. If you want to verify your domain, you'll need to disconnect the G Suite integration.

If your users for another domain aren't connected through G Suite, you can still verify that domain and subscribe to Atlassian Access security policies for that domain.

If you want to verify a domain that you don't own

To protect the privacy and security of Atlassian's users, it's not possible to verify domains that you don't own.

If you'd like to apply Atlassian Access security policies for these users, ask them to change their email address to a domain that you can then verify, or invite them to create Atlassian accounts that use email addresses from the domain.

Last modified on Sep 26, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.