Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Jira Service Management’s Organizations Field: Exposed Behavior

In the dynamic environment of Jira Service Management (JSM), where teams collaborate seamlessly to address customer needs, there’s a peculiarity in how the default behavior of the Organizations field operates, often going unnoticed. This seemingly safe field has implications that extend far beyond its apparent functionality, potentially posing privacy risks and compromising the accuracy of reports per organization within JSM.


Why Doesn’t the Organizations Field Populate Automatically for Every Customer Request?


In Jira Service Management (JSM), the organizations field is vital for organizing and managing customer requests. However, there are cases where the organizations field doesn’t populate automatically for future requests from the same customer, particularly when the requests are raised through the customer portal without the customer logging in, accepting their invitations, or when their email domain doesn’t match the organization’s domain.


Portal with text  (1).png



In such cases, the system may not automatically associate the request with the customer’s organization, even if the agent has manually added them to it in the Settings beforehand.




This limitation may lead agents to manually add the organization to the request itself.





Understanding the Default Behavior


Many JSM users may not be aware that when agents manually add organizations directly into the empty field within a customer’s request, they inadvertently share the request with the entire associated organization. The default configuration of the Organizations field allows for multiple selections, enabling agents to share requests not only within the requester’s organization but potentially across others as well. In simpler terms, if your Organizations field is filled out, then this request becomes visible to the entire organization it’s associated with.

It’s likely that every customer from this organization receives a notification about it.




Unveiling the Security Risks


The implications of this default behavior are profound. Requests that are shared with entire organizations may expose sensitive information to a wider audience than intended. What was once a private interaction between a customer and support agent becomes visible to a broader spectrum of individuals within an organization, raising concerns about data privacy and confidentiality.

Imagine a scenario where a support ticket contains proprietary or confidential information meant for the eyes of a select few. With the default Organizations field behavior, such information becomes accessible to every member within the associated organization, inadvertently increasing the risk of data breaches and internal leaks.


Challenges in Organizational Reporting: If Not Shared, It’s Not Included in the Report


Moreover, the default behavior of the Organizations field complicates organizational reporting within JSM. While many teams seek insights into ticket volumes and trends across different organizations they support, relying on the native or even third-party apps’ reporting capabilities becomes unreliable. Given the default behavior of the field, when generating reports per organization in Jira, only shared requests are included in your report.

Requests that were not shared are considered ’empty’ because their organizations field is not populated.






The default behavior of the Organizations field in Jira Service Management may seem innocuous at first glance, but upon closer inspection, reveals hidden risks and challenges that demand attention. From inadvertent data sharing to compromised organizational reporting, the implications of this default feature extend far beyond its surface functionality.

Check out our article about Reporting on Organizations Field in Jira where we explore further how custom fields, automation, and the Performance Objectives app (or other Jira reporting tools) can assist teams in navigating towards a future where insights foster informed decision-making without compromising privacy or security.



Log in or Sign up to comment
Elena Lurye March 20, 2024

What would happen if automatic sharing with Organizations is set to "no"?
Will adding Organization to the request share it with Organization anyway?

Like Polina-NaraSyst- likes this
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
March 21, 2024

Hi @Elena Lurye, thank you for your question!

Basically, if the 'Organizations' field is populated, it becomes shared. When site admins disable automatic sharing with Organizations in the global settings (the image below), the 'Organizations' field in new tickets will remain empty. However, if agents manually fill in the 'Organizations' field in tickets afterward, they will be shared with the Organization and can be accessed via the customer portal by all organization members.

2024-03-21 10_04_27-image (8).png


Kind regards

Like Elena Lurye likes this
AUG Leaders

Atlassian Community Events