Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Can I ensure staff are only able to create an account via SSO? And how will this impact vendors?

Arlene.Amaya
Arlene.Amaya
Contributor
May 30, 2023

My organization currently uses Jira Software and it is in the trial period for Confluence and JSM implementation. We have 140+ staff that will be using JSM; however, we are trying to limit the number of licensed users so we're treating them as customers (if I understand correctly, these types of users do not require a license in order to access the JSM portal). 

We decided to implement SSO so that everyone can use their Microsoft credentials to create an account in Jira. So we have decided to implement Atlassian Access for that purpose. My question is, can we prevent staff from creating an account without SSO? This way, once a staff person leaves the org, they're no longer able to access Jira once their Microsoft credentials are revoked. 

Another question - we sometimes invite external vendors outside of our org to Jira Software. Will implementing SSO-only login impact our ability to work with vendors in Jira?

Answer
Watch
Like Be the first to like this
365 views

1 answer

1 accepted

1 vote
Answer accepted
Connor
Connor
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 1, 2023

Hi @Arlene.Amaya yes with Atlassian Access you'll be able to setup user provisioning and SSO from your Microsoft tenant, and have it locked down so users are not able to create an account. That is exactly how my company has our Atlassian org setup. Users are added to a security group(s) in Azure AD which triggers the user provisioning process in Atlassian, and allows them to login to Jira with their Microsoft credentials via SSO. When a user is removed from the security group, their Atlassian account is suspended which removes their access.

 

Inviting external vendors shouldn't be affected. You can set it so they can still be invited, there's lots of options for that. If you add them as a guest within Azure AD, you can even configure user provisioning to sync the security group they're added to, and set their Atlassian product access/user roles based on the synced security group. However you provided them access, they still won't be a managed account like your internal users, so they won't be affected by any authentication policies you setup. i.e. you can't enforce 2FA, password strength, etc.

Take a look through some of this Atlassian documentation for further details:

View More Comments
Arlene.Amaya
Arlene.Amaya
Contributor
June 6, 2023

Great, thanks @Connor !

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.