Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Whitelisting domains for access to Jira/Confluence

Kit Friend
Kit Friend
Community Champion
November 21, 2023

Has anyone found a simple way to whitelist domains so that ONLY users from specific domains can be added to minimise risk of errors by admins?

e.g. I want only users with emails ending @Yellow.com and @blue.com to be eligible to join an instance 

I've searched but can only find options to whitelist entire domains so that anyone from them can register etc...

Answer
Watch
Like Bastien Delourmel (FMX) likes this
1691 views

1 answer

0 votes
Ste Wright
Ste Wright
Community Champion
November 22, 2023

Hi @Kit Friend 

You can whitelist specific approved domains using the user access settings - see this help page 

Or is it more complex than that with sub-domains, eg.

  • @test.com is the main domain
  • @test-yellow.com should be whitelisted
  • @test-blue.com should not

---

If yes, I'd probably look at user provisioning as a first option (albeit outside the platform). 

An alternative would be to also direct users through a JSM help desk (or an equivalent ITSM tool) and use APIs / Automation to trigger this, eg.

  • User makes access request
  • Web requests get user's account information
  • Check if user does not have access
  • If NO, check if user's domain meets acceptable criteria
    • If YES, add user to relevant access Group
    • If NO, send user's request for approval

Ste

View More Comments
Kit Friend
Kit Friend
Community Champion
November 23, 2023

Thanks @Ste Wright  that's the page I got stuck at before tbh. 

My understanding of that page (and the config) is that it works well if I want to say "let everyone from @test.com sign up themselves" but (I believe) it doesn't stop people from other domains being added. 

My use case is basically that I want to stop admins accidentally opening up access to users outside a company.

My brain is furring up ahead of the weekend but I think that the user provisioning route would need me to be doing it at domain level? I'll have a read with fresh eyes perhaps :) 

Like
Ste Wright
Ste Wright
Community Champion
November 24, 2023

Hi @Kit Friend 

I'd consider whether the accidental domain adding could be managed through training and good security practices - i.e it's not a setting to never look at, it should be reviewed on a semi-regular basis.

For user provisioning, I'd encourage checking out the help page on this as a good starting point: https://support.atlassian.com/provisioning-users/docs/understand-user-provisioning/

Ste

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
PREMIUM
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security