Verify a domain for your organization

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Verify your company’s domain to prove that you own all user accounts with that domain. Your company’s domain is everything that comes after the @ symbol in the email addresses of your users’ accounts. For example, Atlassian owns the domain atlassian.com.

When you verify a domain for your organization, you do two things: 1) verify ownership of your company’s domain and 2) claim users' accounts with that domain. Verifying a domain gives you two benefits:

  • More control over the Atlassian accounts on your company’s domain – those accounts become managed accounts, which means you can edit, delete, or deactivate their accounts.

  • The ability to apply security policies to your managed accounts – you may want to require log in with two-step verification or set up SAML single sign-on so that policies from your identity provider apply to all Atlassian accounts. You can do both by subscribing to Atlassian Access.

Verifying a domain example

Imagine your company is called Acme Inc. and it owns the acme.com and acme.co.uk domains. Your users have Atlassian accounts with email addresses from those domains, for example jack@acme.com and jill@acme.co.uk.

After you verify you own both domains and claim those accounts, you can go to the Managed accounts page of your organization and edit user details for individual accounts. If you want to apply security policies and subscribe to Atlassian Access, your users with managed accounts will be subject to any policies you set.

You can still give product access to users with a different domain, such as sarah@vendor.com. However, that user won't be subject to the Atlassian Access policies you've set.

When you claim accounts, more users than you expect may have accounts with your company’s domain. You may see accounts in your organization for users that don't use your company’s sites.

1. Verify ownership of your domain

You can verify ownership of your company’s domain (or multiple domains) in two ways:

  • HTTPS—Upload an HTML file to the root folder of your domain's website.

  • DNS TXT—Copy a TXT record to your domain name system (DNS).

Verify over HTTPS

To host the HTML file, HTTPS is mandatory and needs a valid SSL certificate from a certificate authority (self-signed certificates won't work). You can only verify domains with one redirection to a www domain. For example, if your domain is example.com, domains can be successfully verified for https://example.com/ or https://www.example.com/ but not to any other redirections.

After verification is successful, we periodically check the verification file for security purposes. If the file is ever deleted from your domain, we won't be able to tell that you still own your domain, and your domain will lose its verification status and any security policies for that domain, including SAML single sign-on, won't be effective.

To verify your domain over HTTPS:

  1. From your organization at admin.atlassian.com,
    click Directory > Domains.

  2. From the HTTPS tab, download the atlassian-domain-verification.html file.

  3. Upload the HTML file to the root directory of your domain's webserver.

  4. Return to the Domains page of your Atlassian administration and click Verify domain.

  5. Keep your HTTPS as the method, enter the domain you want to verify in the Domain field, and click Verify domain.

If we can find the HTML file on your webserver, your domain is verified and the Claim accounts screen opens. The next section covers what to do when you land on the Claim accounts screen.

Verify over DNS

After verification is successful, we'll periodically check your DNS host for the txt record. If someone deletes or updates the txt record with incorrect information, we'll send you an email letting you know that you have a certain amount of time to update the txt record. If you don't, your domain will lose its verification status and any security policies for that domain, including SAML single sign-on, won't be effective.

To verify your domain using DNS:

  1. From your organization at admin.atlassian.com,
    click Directory > Domains.

  2. From the DNS tab, copy the txt record to your clipboard.

  3. Go to your DNS host and find the settings page for adding a new record.

  4. Select the option for adding a new record and paste the txt record to the Value field (may be named Answer or Description).

  5. Your DNS record may have the following fields:

    • Record type: Enter 'TXT'

    • Name/Host/Alias: Leave the default (@ or blank)

    • Time to live (TTL): Enter '86400'

  6. Save the record.

  7. Return to the Domains page of your Atlassian administration and click Verify domain.

  8. Keep your TXT Record as the method, enter the domain you want to verify in the Domain field, and click Verify domain.

Depending on your DNS host, it may take up to 72 hours for your domain to verify and DNS changes to take effect, which is why the domain in the Domains table will have an UNVERIFIED status. After 72 hours pass, click Verify domain next to the domain you want to verify and from the dialog that appears.

Once you have verified your domain, your domain will be in a verified state but you will not have claimed your user accounts. The next section covers what to do when you land on the Claim accounts screen.


2. Claim accounts with the domain

As part of the domain verification process, you need to claim all the accounts on your domain. Because anyone on your domain can create an Atlassian account, more users than you expect may have an Atlassian account with your domain. If you want to view all the accounts on your domain, you can export and preview a list of users whose accounts you’ll be claiming.

You can only claim accounts for a domain that’s verified. From the table at the bottom of the Domains page, you’ll see a VERIFIED status next to the domain. If you see an UNVERIFIED status, you need to verify your domain again (after 72 hours if you’re using DNS).

To export and claim accounts:

  1. From your domain in the Domains table, click Claim accounts.

  2. From the Claim accounts screen that opens, you’ll see the number of accounts with your domain. Click Export accounts for a list of email addresses for individual accounts on your domain and their product access.

  3. Click Claim accounts to complete the domain verification process and claim those accounts for your organization.

When you claim accounts, users with the domain receive an email telling them about the change and what it means to have a managed account. We recommend you notify users that they'll receive this email and who to contact to modify their account.

The Manage accounts screen confirms that you claimed all accounts successfully. When you click View managed accounts, you see a list of all your claimed accounts on the Managed accounts screen. Come back to this screen to edit, delete, or deactivate an individual account.

At this point, your users will receive an email telling them about the change and how it impacts them:

If you don’t claim accounts, your domain will still be verified, but you won’t be able to edit, deactivate, delete accounts or enforce a security policy on those users.

Remove a verified domain

When you remove a domain from your list of verified domains, the users with that domain are no longer managed and won't appear on your Managed account page.

To remove a verified domain, click Remove next to the domain and verify that you want to remove it. We'll email users with that domain to let them know that their account is no longer managed.

Domain verification considerations

This section discusses issues that may arise when verifying a domain.

You have multiple domains or subdomains

You can verify multiple domains and subdomains under a single organization. All you need to do is to repeat the steps on this page with each domain that want to claim. Because we don’t automatically verify sub domains, such as us.acme.com and eu.acme.com, you need to manually verify each subdomain as well.

Another organization already verified the domain

If someone else has already verified the domain, we’ll display a warning message letting you know. In this situation, someone at your company might have verified the domain under another organization. We recommend that you find an admin of that organization and ask them to remove the domain from its list of verified domains. If you aren't sure who to ask, contact support.

A CMS manages your website

You may not be able to directly add a file to your website's root folder. As a workaround, you can copy the verification token from the downloaded file and publish it to an existing page that's less than 256kB in the same location (https://example.com/atlassian-domain-verification.html). This way should successfully verify your domain.

You can't verify with a file upload for HTTPS

For enhanced security, the domain verification process makes HTTPS mandatory for hosting the HTML file. Your domains need to have a valid SSL certificate from a certificate authority (self-signed certificates won't work).

Only one redirection to a www domain prefix is allowed. For example, you can only successfully verify domains on https://example.com/ and/or https://www.example.com/. You can't verify domains that redirect to a second domain.

You're using G Suite

Your users authenticate with Google. Because you verify your domain as part of your integration with Google, you can't verify your domain from your site. If you want to verify your domain, you'll need to disconnect the G Suite integration.

If your users for another domain aren't connected through G Suite, you can still verify that domain and subscribe to Atlassian Access security policies for that domain.

You want to verify a domain that you don't own

To protect the privacy and security of Atlassian's users, it's not possible to verify domains that you don't own.

If you'd like to apply Atlassian Access security policies for these users, ask them to change their email address to a domain that you can then verify, or invite them to create Atlassian accounts that use email addresses from the domain.

Last modified on Jan 17, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.