Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to claim fully of domain accounts after perform domain verification successfully

fp2018
fp2018 May 20, 2025

We just implemented JSM and verified our company domain, subscribed to the Atlassian standard plan, and integrated JSM with our Azure Entra. However, when we perform automatic account claims from JSM, it only returns about 30+ from 400+ Azure Entra accounts. How do we claim the rest of the Entra accounts into JSM managed accounts so they can use SSO?

Also, if we invite our users as Customer in JSM project, will it incur license cost for Atlassian Guard ? What is the criterion/condition which cause license charge of Atlassian Guard?

Thanks for your help.

Answer
Watch
Like Be the first to like this
179 views

2 answers

1 accepted

0 votes
Answer accepted
Gerusa Lobo _e-Core_
Gerusa Lobo _e-Core_
Atlassian Partner
May 21, 2025

Hi @fp2018 

How do we claim the rest of the Entra accounts into JSM managed accounts so they can use SSO?

First of all, you can check in domain verified if the total account = available + claimed accounts and set the claim as automatic.

If you have any difference, probably your domain was verified in another organization. The accounts can only be claimed in one organization, where they could be managed and provisioned.

If the quantity is equal, you can proceed with the provisioning of the users ans groups. The provisioning will create the new Atlassian accounts. 

Or if you don't use the provisioning, you can invite the users and put them in a SSO police and in a correct groups.

Also, if we invite our users as Customer in JSM project, will it incur license cost for Atlassian Guard ? What is the criterion/condition which cause license charge of Atlassian Guard?

You need have, at least , two separate groups:

A group for agents and a group of the customers.

Each group need to be configured with the correct users access in JSM.

Customer as customer

Agent as agent

The users in these groups will have the correct access.

Even customers are in a SSO police and provisioned, they won't need a Guard Licensing, only agents need it.

If you have any doubt about it, please let me known.

Regards.

View More Comments
fp2018
fp2018 May 22, 2025

Hi Gerusa, thanks for you answer on the Atlassian Guard Standard license which is not applicable for JSM customers.

On the claim domain accounts, we still stuck with it. The total accounts (available+claimed account) is less a lot if we compare with total Azure Entra accounts. FYI, we already setup the claim as Automatic after done the domain verification.

 Could you explain more on the following "If you have any difference, probably your domain was verified in another organization. The accounts can only be claimed in one organization, where they could be managed and provisioned" ?

How do we know that our domain has been verified by another organization ? And how to resolve it ?

Also could you explain more on the following "Or if you don't use the provisioning, you can invite the users and put them in a SSO police and in a correct groups." ? 

We may use it as an alternative way if the claim account issue is still not resolve.

Thanks for your help again.

Like
Gerusa Lobo _e-Core_
Gerusa Lobo _e-Core_
Atlassian Partner
May 23, 2025

Hi @fp2018 

To verify if there is another organization with same domain verified, please check:

Screenshot_20250523-075115~2.png

All Accounts = Managed Accounts + Available to Claim, as image above.

If yes all Atlassian Account with this domaim were available to claim and the domain is verified only in your organization.

Also, could be a difference between the number of the Atlassian account and Entra ID accounts.

For Atlassian, only the emails already used in Atlassian products have an ID and became an Atlassian account.

So, after invited or provisioned,  new emails from Entra ID in Atlassian organization, these accounts will be became an Atlassian Account.

If you found a difference between All Accounts and Managed Accounts + Available to Claim, you have a domain verified in another organization.

To check it you could export the accounts. In the line of domain configuration, there is 3 dots, and an option to export accounts.

Screenshot_20250523-084434.png

To solve it,you have 2 options:

Share domain with another organization or You can try disable the domain Atlassian verification code in Domain provider or identify the another organization and delete the domain configuration.

Regards

Like
fp2018
fp2018 May 30, 2025

Hi Gerusa

Thanks for your help.

We are able to resolve it based on your guidance.

Like
Reply
0 votes
Hector Menchaca
Hector Menchaca
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 21, 2025

Hello @fp2018 ,

Are you verifying your domain via Osync(Entra)? or how are you doing it?

Regarding the billing side of things, here is an example of how billing works on JSM:

  • If your organization has 30 agents on Jira Service Management and 500 helpseekers (customers), the user count on your Atlassian Guard Standard bill is 30. We won’t count the 500 helpseekers towards your bill.

Thanks!

View More Comments
fp2018
fp2018 May 22, 2025

Thanks for the clarification on Atlassian Guard Standard license which are not applicable for JSM customers.

On the verifying domain, we are verify our domain via DNS following this guide:

Verify a domain to manage accounts | Atlassian Support

after that, we setup the automatic claim from JSM - Setting - Domains. However, the claim process did not return all the azure Entra accounts hence we can't assign the Atlassian guard SSO as they are not JSM managed accounts.  

We stuck on this. Any hints to resolve it ? Thanks.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Atlassian logo
Atlassian Guard
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.