Hi,
I set up SSO on our Atlassian account a long time ago, and it went through our Auth0 IDP with multiple domains. Now, for some reason, when not using the same domain, even when trying to reach our_instance.atlassian.net, the user is redirected to another_instance.atlassian.net, which corresponds to his/her email address, even if the user doesn't yet have an account on another_instance.atlassian.net. How can I make sure that users reaching our_instance.atlassian.net follow the correct authentication workflow?
Hi @Nicko Glayre,
Welcome! The only reason I can see that it would even redirect to another instance is that, for some reason, the IDP has the URL updated to redirect back to the other Atlassian instance. Otherwise, it doesn't make sense, since that example account doesn't exist on their site. That also means that that email wasn't claimed on their system.
I would also suggest opening a ticket with Atlassian to help check. Based on the context given, it seems there is something wrong with the IDP. It is the one responsible for redirecting the user to the right place after authenticating.
Hi @Benjamin,
Thanks for the quick answer. Actually, I figured out what the issue was: the thing is, you have Atlassian Guard (Atlassian's SSO solution), which acts as the entry point when reaching any Atlassian instance, and it's where the IDP is set up. In the "other_instance" domain, those users didn't exist, thus they never reached our instance. The redirection happens after the authentication, but authentication goes through domain.atlassian.net, and a user needs to be active on that Atlassian Guard instance even with no product attached in the given instance. It's just for authentication, and that part was missing.
Thanks for the follow-up. That is correct. Atlassian Guard works with just managed users for SSO. Once those users are claimed and added to the directory that is tied to your IDP, it can start authenticating for that user.