Atlassian Guard Pricing & Licensing

An organization admin can create organizations, claim domains and manage all user accounts on the claimed domains, including making changes to the account profile, email address and password. The organization admin can also configure and enforce security policies for the organization via an Atlassian Guard subscription. To become an organization admin, a user must be a site administrator for a cloud site, then an existing organization admin can add the new account as a new organization admin.

• Site Administrators have the highest administration privileges on a cloud site. They can be considered as the owners of that cloud site.
• Administrators have administration access only to the applications of your cloud site. These are the day to day administrators of your cloud site.
• Billing contacts will be notified of changes to the bill and have access to manage your subscription through my atlassian.com. These are the people who are interested in the ongoing billing of your service.

Your Site Administrators and Administrators are managed through your cloud site and your billing contacts are managed through my.atlassian.com. If no Site Administrators are active users, it will be necessary to contact your internal IT team to grant you access to the email address associated for the previous contact. You can then use the 'Unable to access your account?' link from your cloud site.

When domain verification is completed, the user's Atlassian account becomes a "managed" account. This allows the organization admin to manage the name and email address for those accounts. The organization admin can also disable managed users which removes access to all cloud products and any other systems that uses Atlassian account like my.atlassian.com, support.atlassian.com, community.atlassian.com to name a few.

A billable account is any managed account that has access to Jira, Confluence, Bitbucket, Jira Service Management (agents only), or Trello. When a user has access to any of those products, that user is considered billable. 

The number of managed users in your organization will be greater than, or equal to, the number of billable users since not all managed users have access to Atlassian Guard Standard supported products. Managed users in a non-billable authentication policy will not be considered billable users.

Any organization admin can add/remove additional organization admins from within admin.atlassian.com: 

1. Start your journey by going to admin.atlassian.com - your central administration center.
2. Choose your organization. Atlassian Guard works on the organization-level (not the site-level) so click on the organization you’d like to apply Atlassian Guard policies on top of.
3. Select Administrators in the left navigation panel
4. Use the Add administrators button to add new administrators then let them know they are now an organization admin. To remove Administrators, use the "remove" button to the right of a name.

Note: a user does not have to already be a site admin to be made an organization admin.

No, Jira Service Management (JSM) portal-only accounts that only submit tickets are not billable for Atlassian Guard Standard. Only JSM agents that log in using a managed account are billable for Atlassian Guard Standard.

Billing and technical contacts are managed through my atlassian.com. Complete instructions for updating these administrative contacts can be found in this documentation. 

Once you are on a paid subscription, an email will be sent to all billing and technical contacts 3 days prior to the billing date if there has been an increase in the upcoming estimated bill relative to your previous bill. You can manage your technical and billing contacts through My Atlassian.

Since Atlassian Guard is an organization-wide cloud subscription, you must be a site administrator to sign up for a trial.

Follow these steps to get started with your Atlassian Guard Standard evaluation:

1. Start your journey by going to admin.atlassian.com - your central administration center.
2. Choose your organization. Atlassian Guard Standard works on the organization-level (not the site-level) so click on the organization you’d like to apply Atlassian Guard Standard policies on top of.
3. Verify your domain. Before you can take advantage of Atlassian Guard Standard features you’ll need to verify your domain to begin managing all of the Atlassian accounts at your company.
4. Start your 30-day free trial of Atlassian Guard Standard. Just click on one of the security features like SAML single sign-on, click Learn more, and click the Try it free for 30 days button.
5. Enable a feature of Atlassian Guard Standard. Start taking advantage of SAML SSO, user provisioning (SCIM) enforced two-step verification, audit logs, and more. 

Trials for Atlassian Guard Premium will be available at GA, and instructions will be added here at that time. Subscribe to our roadmap to track our progress.

Atlassian Guard Standard trials are for 30 days. As an organization admin, you can subscribe to Atlassian Guard Standard after you've created an organization and verified a domain. The trial begins when you click Try it for free for 30 days. The organization admin will need to configure SAML single sign-on and two-step verification after starting the Atlassian Guard Standard trial.

The organization admin(s) can add credit card or PayPal account details at any point during the trial. Once you add payment information, you will be signed up for a monthly subscription, following the 30 day trial. The card on file will be automatically charged when the trial ends for the next month's subscription.

If you wish to pay annually, you can contact us and we will provide you with a quote that you can pay for by credit card, bank transfer, or check.

If we do not receive payment, shortly after the end of the trial we will unsubscribe you from Atlassian Guard Standard. The following changes will happen:

• Managed users won't log in using SAML single sign-on. Instead, they'll log in using their Atlassian account. Some users may need to set a new password for their Atlassian account.
• Two-step verification will no longer be enforced, so managed users can choose to disable that for their Atlassian account at any time.

The organization and verified domains are unaffected by unsubscribing, and the organization admin will still be able to view and update the Atlassian accounts for their managed users.

An authentication policy defines how a user must authenticate in order to access an application that belongs to the organization. The purpose of the policy is to protect the organization against a security incident by verifying that each user is who they claim to be.

Atlassian Guard org admins will be able to set multiple authentication policies to apply to different subsets of users in their organization. Org admins can use an authentication policy to test their SAML configuration by enabling SSO on a small subset of users before rolling it out to the whole organization.

The settings that can be configured through authentication policies are:

• Single sign-on (SSO)
• Enforced two-step verification (2SV)
• User API tokens
• Password policies (password strength, password expiry)
• Session duration

Atlassian Guard org admins will also have the option to select one authentication policy to be a non-billable policy. This non-billable policy will be excluded from the Atlassian Guard subscription. If there is a subset of users an org admin does not want to apply any Atlassian Guard features to (SSO, 2SV, etc.), they can be placed in this policy (cannot be the default policy) and these users will not be billable for Atlassian Guard.

Your managed accounts provide you with a pool of users for authentication policies. You assign users to be members of policies. Your organization starts with a default authentication policy. The default policy contains login settings for its members. When you provision new managed accounts, we add them as members to your default policy.

For more information, please see Understanding Authentication Policies.

You can use a non-billable policy when you don’t want to pay for certain users under your Atlassian Guard subscription. We won't bill you for members in a non-billable policy.

You can only have one (1) non-billable policy. You can only create a non-billable policy with a subscription to Atlassian Guard. A non-billable policy has limited security for its members. When you edit authentication policies and make a policy non-billable, you won't be able to:

• Enforce single sign-on
• Require two-step verification
• Block creation of user API tokens
• Add users that you sync from your identity provider (e.g., Okta, Entra ID (fka Azure AD, Google Cloud) to the policy

You can easily update your policy back to all security settings. Once you do its members may count towards your Atlassian Guard bill.

A default policy can’t be a non-billable policy. A default policy is always billable. If you don't want to pay for certain members, make a different policy non-billable and add them to it.

For more information, please see Understanding Authentication Policies.

Atlassian Guard Standard is billed by the total number of unique users accessing any of the Atlassian Guard Standard supported products (Jira, Confluence, Bitbucket, Jira Service Management Agents, Trello). No matter how many products or sites a user has access to, they are a counted a single unique billable user.

Atlassian Guard Standard uses progressive pricing. Please use the Atlassian Guard Online Calculator tool to get an estimate.

At the end of your billing period, the credit card or PayPal account on file will be automatically charged based on the number of unique users within your organization. The contact(s) on file will receive a purchase confirmation and paid invoice.

Both Atlassian Guard plans bill the total number of unique users that access at least one supported product.

For Atlassian Guard Standard:

• Supported cloud products are Jira, Jira Service Management, Confluence, Bitbucket, Trello, Statuspage
• Billing applies to managed users only
• Users in non-billable authentication policy are excluded from the Atlassian Guard Standard billUsers covered in a Cloud Enterprise plan will be excluded from the Atlassian Guard Standard bill

For Atlassian Guard Premium:

• Supported cloud products are Jira and Confluence
• Billing applies to both managed and external users
• Users covered by a Cloud Enterprise or Atlassian Guard Standard will be billed a price difference

Atlassian Guard Premium is currently in limited availability. To learn more about Atlassian Guard Premium, including billing & licensing questions, please register your interest. If you're selected, our team will be in touch and can share additional details.

Atlassian Guard Standard is available for free for eligible Community and Academic customers. Please Contact Us to learn more.

Atlassian Guard Standard is billed when a managed account has access to any of the supported products:

• Jira
• Jira Service Management (Agents)
• Jira Product Discovery
• Confluence
• Compass
• Bitbucket
• Trello

Individual site administrators manage the users for the products on their specific Jira and Confluence sites. We recommend collaborating with your organization's site administrators before disabling managed users.

As an organization admin, you can disable a user's Atlassian account to remove their access from Atlassian applications. Please note, disabling a user will also remove the user from using that Atlassian account to raise technical support tickets, access their my.atlassian.com account, community.atlassian.com, and other free services.

To disable a user's Atlassian account in Atlassian Guard Standard

1. Go to Organization > Managed Users. (You must be an organization admin to manage users' Atlassian accounts.)
2. On the managed users screen, select edit account for the account you want to disable.
3. Under options, select Disable account. This action will prevent the user from accessing any cloud applications and services (my.atlassian.com, support.atlassian.com, community.atlassian.com).

Disabled accounts will not count towards your Atlassian Guard Standard bill. You can always re-enable a user's account later from the managed user screen.

There are two kinds of users: managed and billable. 

To view the managed users, the organization admin will: 

1. Start by going to admin.atlassian.com - your central administration center.
2. Choose your organization. Atlassian Guard works on the organization-level (not the site-level).
3. Select the Managed Users in the left navigation panel

Billable users are managed users that have access to the below cloud products:

• Jira
• Jira Service Management (Agents)
• Confluence
• Bitbucket
• Trello
• Statuspage

To see the total number of billable users, an organization admin will:

1. Go to the Administration area of your cloud site (Jira or Confluence) or go to admin.atlassian.com
2. Click Security under organizations & Security in the left navigation panel (skip this step if going to admin.atlassian.com)
3. On the admin.atlassian.com click Billing on the left navigation panel
4. Select Bill Estimate to see the total number of billable users and the next bill estimate

Yes. If a user signs up for the free versions of Jira, Jira Service Management, or Confluence Cloud on a domain governed by Atlassian Guard Standard they will be included as a billable user under their Atlassian Guard Standard subscription.

Please note, with Atlassian Guard Standard you'll only ever be charged once per user who has access to a cloud product. If a user has access to both a paid Jira site as well as a free Jira site, they will be counted once towards your bill each billing cycle.

Billable users are any enabled managed users that have access to any of the Atlassian Guard Standard supported products listed below. Managed users in a non-billable authentication policy will not be considered billable users.

Atlassian Guard Standard supported products:

• Jira
• Jira Service Management (Agents)
• Confluence
• Bitbucket
• Trello
• Statuspage

No matter how many products or sites a user has access to, they are counted as a single unique billable user across all products. You do not pay by specific product or site, and you'll only pay once per each user.

With Jira Service Management (JSM), only the JSM agents handling the tickets (assuming these agents don’t already have access to one of the other Atlassian Guard Standard compatible products) are billable for Atlassian Guard Standard. The users submitting JSM tickets (portal-only accounts) are not billable, as long as they don’t have access to other AtlassianGuard Standard compatible products.

Refer to our documentation for various Atlassian Guard Standard billing scenarios.

To ensure timely payment for monthly subscriptions, we're only able to accept payment via credit card (Visa, Master Card, and American Express)* or PayPal. 

*Unfortunately, we are unable to accept Discover credit cards for monthly renewals. 

The organization admin can update the credit card on file by:

1. Start by going to admin.atlassian.com - your central administration center.
2. Choose your organization. 
3. Select Billing to open the billing panel
4. Select Billing Details to update the credit card/Paypal account and billing address

The primary billing contact can also update the credit card via My Atlassian (Paypal can only be updated within Billing Details screen at admin.atlassian.com.)

The new card or PayPall account will be charged on the next billing date.

In some cases, card issuers will place an authorization hold on funds (making them unavailable) for the amount of the purchase. Atlassian settles the transaction immediately (known as "settlement"), but the authorization hold can remain from 1-5 days until it "falls off" depending on your card issuer's policies.

If the funds are not made available 5 days after the transaction, we recommend contacting your card issuer (Visa/American Express/MasterCard/etc) to see when the authorization hold will drop off.

If you wish to convert to an annual subscription during your trial, you can Contact Us to ask about what is involved with switching your subscription type. 

If you wish to convert to an annual subscription once you are in a paid monthly subscription, organization admins can navigate to the billing section of the admin.atlassian.com and click on 'Billing Details'. They can then click on the 'Switch to an annual payment plan' link to generate an annual quote, and either pay later with a quote or pay now by credit card.

If you're looking to lower your monthly bill there are a few strategies for doing this:

• Convert to an annual subscription. Annual subscriptions currently offer a discount that equates to 2 months free on an annual basis. Learn how to convert to an annual subscription.
• Contact Site Administrators for other cloud products in your organization to verify their user base is still active users. Site Administrators also pay for their users to have access to cloud products, so they generally are actively managing their users. You can then disable the Atlassian accounts of managed users in your organization who are no longer active. 

Atlassian Guard Standard is billed by the total number of unique users accessing any of the Atlassian Guard Standard supported products (Jira, Jira Service Management (Agents), Jira Product Discovery, Confluence, Compass, Bitbucket, Trello). No matter how many products or site a user has access to, they are counted a single unique billable user.

Atlassian Guard Standard uses progressive pricing like Jira and Confluence Cloud, so the more users you have we have built in a pricing discount.

Please use the Atlassian Guard Online Calculator tool  to get an annual subscription estimate.

You must purchase a one year subscription of Atlassian Guard upfront. Annual subscriptions are tier-based and currently offer a discount that equates to 2 months free on an annualized basis.

Atlassian Guard Standard is billed when a managed account has access to any of the supported products:

• Jira
• Jira Service Management (Agents)
• Confluence
• Bitbucket
• Trello

Individual site administrators manage the users for the products on their specific Jira and Confluence sites, we recommend collaborating with your organization's Site Administrators before disabling managed users.

As an organization admin, you can disable a user's Atlassian account to remove their access from Atlassian applications. Please note, disabling a user will also remove the user from using that Atlassian account to raise technical support tickets, access their my.atlassian.com account, community.atlassian.com, and other free services.

To disable a user's Atlassian account in Atlassian Guard Standard

1. Go to Organization > Managed Users. (You must be an organization admin to manage users' Atlassian accounts.)
2. On the Managed Users screen, select Edit Account for the account you want to disable.
3. Under Options, select Disable Account. This action will prevent the user from accessing any cloud applications and services (my.atlassian.com, support.atlassian.com, community.atlassian.com). 

You can always re-enable a user's account later from the managed users page.

To see the total number of billable users, an organization admin will:

1. Start by going to admin.atlassian.com - your central administration center.
2. Choose your organization. 
3. On the admin.atlassian.com click on Billing on the left navigation panel
4. Select Bill Estimate to see the total number of billable users and the next bill estimate.  

At this time, it is not possible to generate an upgrade quote from my.atlassian.com or within admin.atlassian.com.

Please Contact Us to request an upgrade quote.

• Trialers: during your 30 day trial, the organization admin can Contact Us to request an annual quote for the number of users they require.
• Paid monthly subscription customers: organization admins can navigate to the Billing section of admin.atlassian.com and click on 'Billing Details'. Then click on the 'Switch to an annual payment plan' link to generate an annual quote, and either pay later with a quote or pay now by credit card.

If you're looking to upgrade or downgrade upon your renewal date, please contact us via our Contact Us form. 

Payment can be made by credit card, bank transfer, mailed check, ACH (US banks only), and Net-30 terms for orders above $10,000. Complete payment details appear on the first page of an official quote and on our How To Pay page.

Organization admins can view invoices on the Billing History page in admin.atlassian.com. Primary billing and technical contacts can view invoices and quotes via My Atlassian.

The primary billing and technical contacts will receive a renewal quote 60 days prior to the end of the billing period. They can also retrieve the renewal quote via My Atlassian.

If you're looking to upgrade or downgrade upon your renewal date, please contact us via our Contact Us form.

The organization admin can monitor licensed usage at any time on the Manage Subscriptions page in admin.atlassian.com. If you need to raise your licensed user limit, please Contact Us to request an upgrade quote. 

To unsubscribe an Atlassian Guard Standard trial or paid subscription, the organization admin will:

1. Start by going to admin.atlassian.com - your central administration center.
2. Choose your organization. 
3. Select Billing in the left navigation panel
4. On the Manage Subscriptions panel select Unsubscribe from the drop-down and confirm by entering "UNSUBSCRIBE"

SAML single sign-on and two-step verification functionality will immediately end and the following changes will occur:

• Managed users won't log in using SAML single sign-on. Instead, they'll log in using their Atlassian account. Some users may need to set a new password for their Atlassian account.
• Two-step verification will no longer be enforced, so managed users can choose to disable that for their Atlassian account at any time.

When you are unsubscribed from Atlassian Guard Standard, you'll see the following changes take effect immediately:

• Managed users won't log in using SAML single sign-on. Instead, they'll log in using their Atlassian account. Some users may need to set a new password for their Atlassian account.
• Two-step verification will no longer be enforced, so managed users can choose to disable that for their Atlassian account at any time.

However, critical configurations, such as those for SAML and SCIM, will be retained. Your organization and verified domains are unaffected by unsubscribing, and you will still be able to view, manage and update the Atlassian accounts for your managed users.

You can restore your settings by contacting support to reactivate your Atlassian Guard Standard subscription. As long as you reactivate your subscription within 14 days after it becomes inactive, you can avoid permanently losing Atlassian Guard Standard configurations, such as those for SAML and SCIM.

Refer to our documentation for more details.

Refunds for Atlassian Guard Standard are only available within the first paid month after the trial period for monthly subscriptions and within 30 days of payment for annual subscriptions. After these periods we cannot offer refunds.

Server and cloud products are not interchangeable and refunds are not available after 30 days of the initial purchase, see our Cloud Refund FAQ for details.

Use of cloud is governed by the Atlassian Customer Agreement and Product Specific Terms.

Within Atlassian's current price structure, we're unable to make any changes to our standard customer terms. If you consider our pricing model and the costs of creating and managing individual agreements with each of our customers, you can begin to understand our position.

Maintaining standard terms with all of our customers allows us to focus our resources on meeting our obligations under these agreements. Do keep in mind of course that our customer terms have been very carefully authored to be fair to both you and us.