Atlassian Guard Billable Policy

Vikrant Yadav
Community Champion
May 19, 2025

Hi Experts, 
Need your guidance on the below.

We are currently managing two Atlassian organizations:

  • abc.atlassian.net (Primary)

  • abc-external.atlassian.net (External)

Our Atlassian Guard Standard license is active only on the abc.atlassian.net organization. All internal users are provisioned and billed under this primary organization. However, approximately 200 of these internal users also require access to the abc-external.atlassian.net site, which resides in a separate organization.

We would appreciate your guidance on the following points:

  1. Licensing Requirement:
    Do users who are already licensed under abc.atlassian.net and need access to abc-external.atlassian.net also require additional Atlassian Guard licenses for the second organization?

  2. Policy Management:
    Our objective is to enforce user access policies and provisioning via Microsoft Entra ID (formerly Azure AD) for both internal and external users. We’ve observed that Guard is now required to integrate Entra ID with Atlassian Access (Guard).

    • Has this requirement changed recently?

    • Previously, we were able to connect Entra ID without needing an Atlassian Guard license.

  3. License Planning:
    If Guard licenses are required for both organizations, please confirm:

    • How many total licenses would be needed for 200 internal and 100 external users?

    • Do external users also count toward the Atlassian Guard license count?

  4. Recommended Approach:
    What would be the best way to onboard and manage access for users across both organizations using a single Entra ID identity provider?

3 answers

2 accepted

1 vote
Answer accepted
Gerusa Lobo _e-Core_
Atlassian Partner
May 20, 2025

Hi @Vikrant Yadav 

Answers to all requirements:

1. Licensing Requirement:
Do users who are already licensed under abc.atlassian.net and need access to abc-external.atlassian.net also require additional Atlassian Guard licenses for the second organization?

No, in Atlassian Guard each account counts only one time, independent of how many sites/orgs it has access to. But, as I said below, they are managed in only one org.


2. Policy Management:
Our objective is to enforce user access policies and provisioning via Microsoft Entra ID (formerly Azure AD) for both internal and external users. We’ve observed that Guard is now required to integrate Entra ID with Atlassian Access (Guard).

    Has this requirement changed recently?

    Previously, we were able to connect Entra ID without needing an Atlassian Guard license.

If a managed account is in an SSO policy in the main organization, then to log in to any site or Atlassian cloud product these accounts will need to use SSO credentials.

However, they will need Guard licensing in the main organization.


3. License Planning:
If Guard licenses are required for both organizations, please confirm:

    How many total licenses would be needed for 200 internal and 100 external users?

    Do external users also count toward the Atlassian Guard license count?

If you share the accounts in both orgs, you only need Atlassian Guard in one of them. Atlassian Guard manages only accounts with a verified domain in the organization.

If you have separate groups of accounts, each part in one org, you can use the same domain and Guard in both, each one managing its own accounts.

External users are users invited to an organization. They don't have a verified domain in this specific organization, so they don't need Guard licensing in that organization.

A managed account in one organization could be an external user in another one. Guard licensing is necessary only where it was claimed.

4. Recommended Approach:
What would be the best way to onboard and manage access for users across both organizations using a single Entra ID identity provider?

You can have 3 different approaches, based on your needs:

a. Move the two product sites to the same organization, where you can provide centralized user management.

In that way you could have user provisioning to both product sites without problems or difficulties.

b. Connect Guard in only the principal organization, force all managed accounts to SSO, and invite users to the second org.

c. If the users in both orgs are completely separate, you can use the same domain and Guard verified in both orgs.

Claim only the accounts needed in each one and manage accounts separately. Each Guard will manage part of the accounts.

Regards.

1 vote
Answer accepted
Gerusa Lobo _e-Core_
Atlassian Partner
May 19, 2025

Hi @Vikrant Yadav 

First of all:

There is a big difference between an external user and a managed account.

A managed account is an Atlassian account with a verified domain and claimed in the organization.

An external user is any user without a verified domain in the organization.

You can only use SSO and provisioning with managed accounts. Guard licensing is only for managed accounts.

About sharing domains:

If you need to separate the accounts in the 2 orgs, you can:

- unclaim these specific accounts at the first org.

- claim them in the second one.

If you share any accounts in the two orgs, you need to manage them in only one and invite the users in the other.

About the policies:

If you want to use a non-billable policy for a group of managed accounts, these accounts can't be provisioned or use SSO from the identity provider.

You can create a non-billable policy and include a group of accounts there.

These accounts will use email and password to log in.

If you have any doubt about it, please let me know.

Regards.

2 votes
Septa Cahyadiputra
Rising Star
May 19, 2025

Hi @Vikrant Yadav

Yes, Atlassian licensing is per-site. Hence it is required for you to acquire license for those users. If you acquire enterprise license, you are able to use one license for multiple sites. Hence sharing users across sites won't require additional license cost.

From what I understand, Access or Guard is always required for SSO. However, if you don't need SSO, user provisioning can be done without Atlassian Guard as described here:

If the external users need to login to Jira, then you would need to acquire 300 users tier. If they don't need to login, then you could open Jira for public access. However, this means they won't be able to interact with Jira.

Recommended approach is to upgrade to Enterprise if you see the value in Atlassian Analytics and the extra automation quota and AI credit. If you go enterprise, please note that your apps billing are still separated. Hence you can create a new site for one small team to reduce the apps cost for example.

If there is no value to go Enterprise, I would suggest to disable SSO for the second site.

Hope it helps.

Regards,
Septa Cahyadiputra

Vikrant Yadav
Community Champion
May 19, 2025

Hi @Septa Cahyadiputra, we have claimed the same domain in both organizations.
Due to this, in Managed Accounts, it's not showing any account,
as we have already claimed the accounts in another organization.
If a user is in managed accounts, then how will they count under Atlassian Guard billable?

Vikrant Yadav
Community Champion
May 19, 2025

Do external users (non-abc.com users) also count under Atlassian Guard billable?

DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders
