Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Claim domain accounts, exclude from Guard

Laurence Oldfield
Laurence Oldfield
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 15, 2025

Hi,

I'm going through the process of setting up SAML SSO for our Atlassian/JIRA suite, part of which is claiming users for our domain. I can't figure out how to exclude claimed users from an Atlassian Guard license, is this at all possible? 

It seems that unlike other standard apps (JIRA, Confluence) I'm unable to restrict access to it. There's no context menu. We've only got 25 licenses, but 93 users to claim (mostly non-enterprise Trello) that we don't want to pay for. 

Thanks

Answer
Watch
Like Be the first to like this
85 views

2 answers

0 votes
Utkarsh Agarwal
Utkarsh Agarwal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 15, 2025

Hi @Laurence Oldfield 

Welcome to the community!

With an Atlassian Guard subscription, you can create a non-billable policy when you don’t want to pay for certain users.

Refer: https://support.atlassian.com/security-and-access-policies/docs/what-is-a-non-billable-policy/ 

Kind Regards
Utkarsh

Reply
0 votes
Hari Krishna
Hari Krishna
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
July 15, 2025

Hi @Laurence Oldfield ,

You can avoid unnecessary Atlassian Guard license usage by limiting SCIM provisioning from your identity provider.

In your IdP (like Okta or Azure AD), create a group for only the users who need SSO (like Jira or Confluence users). Then configure SCIM to sync only this group to Atlassian Access.

This way, even if you've claimed the domain, users outside the synced group (like Trello-only users) won't be provisioned and won’t consume a Guard license. Also, make sure they don’t have any product access assigned in Atlassian Admin.

This setup allows you to keep using SSO and security policies for the required users while staying within your license limits.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security