We need guidance on how to fully prevent users from requesting or automatically receiving access to Jira and Confluence. Our goal is to ensure that all access is manually controlled by IT, with no self‑service or automatic provisioning.
Specifically, we need to confirm whether it is possible to:
We want to avoid accidental license consumption and ensure that all access remains strictly IT‑controlled. Please advise on the correct configuration steps or best‑practice setup to achieve this.
I completely understand the goal of having access exclusively pass through your IT team. There are a few areas that will enable this:
First, you'll want to ensure you're using Atlassian Guard, and have a compatible Identity Provider configured. With this configuration, you can link groups in your Identity Provider with the Atlassian Cloud User Directory, and then grant access to specific app roles via those synced groups. Access to these synced groups then will be configured via your Identity Provider, and users that are granted access will automatically be granted the license you configure.
For example, if you have a group called App-Atlassian-Jira-User, you can configure this group in the Atlassian Cloud Directory to grant all members a Jira user license / role. Then, in your Identity Provider, you can add all users who should have a Jira license to this group. Once the sync occurs (as frequently as hourly), all users will be granted the associated license.
As for disallowing invites and automatic access, this can be configured via the App Access Settings within the Admin portal. There are a few sections you'll want to configure:
With both of these, you should have a much more locked down system, where access is only accessible via your IT team and synced groups.
You can read more about these settings here: https://support.atlassian.com/user-management/docs/control-how-users-get-access-to-products/
As for your final question, preventing JSM Customers from being listed in your Cloud Directory, I do not believe there is a way to accomplish this. Users that need to submit to your portal will need an account in order to authenticate and track submissions. This will require an Atlassian Account to exist, and be granted the Customer role for Jira Service Management.
There are settings at the instance and project level that give you control over who can create new accounts, but ultimately an account will need to exist.
You can read more about the access settings here: https://support.atlassian.com/customer-service-management/docs/manage-customer-access-to-your-channels/
Hopefully this is helpful.
Robert
If this answered your question, I'd appreciate you accepting my answer.