Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Clarification: Customer Access vs Email Channel Allowlist in Jira Service Management

Pavankumar Machireddy
Pavankumar Machireddy
March 18, 2026

Hello All,

We have a requirement to restrict external users/domains (e.g., gmail.com) from raising requests via both the customer portal and the email channel in Jira Service Management.

We tested the following configurations:

  • Email channel allowlist
    Project settings → Channels and self-service → Email → Manage allowlist
    However, even when a domain is not added to the allowlist, users are still able to create tickets via email if they are allowed under Customer Access.

  • Customer Access – External
    Customer access → External → Only allow account creation for customers with specific email domains
    When domains are allowed here, users can create requests via both portal and email, regardless of the Email allowlist configuration.

This raises a couple of questions:

  1. What is the intended purpose of the Email channel “Manage allowlist”, and when is it actually enforced?
  2. Which setting takes priority — Customer Access domain restriction or the Email allowlist?
  3. To restrict external domains from raising tickets on both portal and email, is configuring Customer Access → External domain restriction is it the correct and sufficient approach which i am doing?

Looking for clarity on the expected behavior and best practice for this use case.

Thanks in advance!

 

Answer
Watch
Like Be the first to like this
100 views

3 answers

0 votes
Gunjan Kumar
Gunjan Kumar
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 18, 2026

Hi @Pavankumar Machireddy 

Your understanding is right. In JSM, the email allowlist doesn’t actually control who can raise requests, it only affects how emails are handled. So if a user is already allowed through Customer Access, they can still create tickets via email even if their domain isn’t in the allowlist.

To properly restrict external domains, the correct setting to use is Customer Access -> External -> allow only specific email domains. This controls access for both the portal and email. Just keep in mind that users who are already added as customers can still raise requests, so you may need to remove them if you want to fully enforce the restriction.

Reply
0 votes
Arkadiusz Wroblewski
Arkadiusz Wroblewski
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 18, 2026

Hello @Pavankumar Machireddy 

From what you described, your understanding is basically correct.

The Email channel allowlist is not the setting that decides who is allowed to raise requests in general. Its purpose is to make sure emails from trusted domains are never filtered out by the email channel. The opposite control for email is the blocklist, where messages from listed domains or addresses are always filtered out.

For your second question, I would say Customer Access / Channel access is the effective controlling setting for who can create requests through portal and email. Atlassian’s current JSM docs say that channel access controls who can send requests through the portal, widget, and email, and the customer access settings also control whether customers can create accounts by sending an email request. That matches the behavior you saw in testing.

So for your third question: yes, if your goal is to restrict external domains from creating tickets through both the portal and the email channel, then configuring Customer access → External → only allow account creation for customers with specific email domains is the right primary approach.

View More Comments
Pavankumar Machireddy
Pavankumar Machireddy
March 18, 2026

Great explanation @Arkadiusz Wroblewski Thanks!

Like Arkadiusz Wroblewski likes this
Reply
0 votes
Himanshu Tiwary
Himanshu Tiwary
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Champions.
Get recognized
March 18, 2026

Hi @Pavankumar Machireddy ,
Customer Access domain restriction is the correct setting to enforce this use case
follow customer Access > External > allow only specific email domains to controls who can raise requests through both the portal and email.
Basically Restrict domains in Customer Access and, if needed, use the email allowlist/blocklist only as an additional email-channel control.

View More Comments
Pavankumar Machireddy
Pavankumar Machireddy
March 18, 2026

Thanks for clarification! @Himanshu Tiwary 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Management
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security