Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Addressing Shadow IT Challenges

December 18, 2024

Hello Community, we understand that Shadow IT can be a significant challenge for many of you, especially since the Product request feature, which helps control user sign-ups for products—is exclusively available with the Enterprise plan. Please know that we are here to support you in navigating these difficulties. Together, we can explore alternative solutions that meet your needs and take proactive steps to ensure that users don't unintentionally create sites.

 

What’s the Deal with Shadow IT? 🤔

When someone from your verified domain creates a new Cloud product, it can trigger a notification to the admins managing these Atlassian accounts. This means that even if you’re just trying to get things done, you might unintentionally complicate your organization’s workflow.

Here’s the Scoop:

When you search for Jira or Confluence in your browser, you might end up at these links:

And before you know it, you’re creating a new product without even realizing it!

 

How to Keep Things in Check 🛡️

Option 1: Firewall Rules 🔥

One way to tackle this is by introducing a firewall rule in your corporate network/VPN. This will restrict access to certain addresses, like:

By doing this, your managed users won’t be able to create Atlassian organizations themselves. This means no accidental product creation and a more secure environment for everyone!

Note: This rule won’t block you from adding products to your current organization, but it will prevent the creation of separate cloud sites.

Option 2: Internal Communication 📢

Another approach is to send out an internal communication. Let’s remind everyone to access products through the site URL directly or via https://id.atlassian.com/manage-profile/products. This way, we can avoid any accidental site creations outside your organization.

And hey, if you want to test out some products in Atlassian Cloud, feel free to use your personal Atlassian accounts for that!

 

Let's Collaborate 🤝

If you have any other solutions or experiences to share, feel free to drop them in the comments below!

By working together and staying informed, we can create a safer and more efficient environment for everyone. Let’s keep our community strong and secure! 💪✨

Comment
Watch
Like # people like this
241 views

5 comments

Tomislav Tobijas _Koios_
Tomislav Tobijas _Koios_
Solutions Partner
Solution Partners provide consulting, sales, and technical services on Atlassian products.
December 18, 2024

Option 2 is the method we currently use to communicate this limitation to clients, but it is not nearly sufficient.

Option 1, on the other hand, is not viable for most clients. In fact, I believe we don't have a single client where all users are strictly working from the office. Even government institutions have adopted hybrid work models. This approach would only restrict users from opening new sites while in the office, but once they are working from home, new sites and products will continue to appear.

This issue has been discussed multiple times in various meetings, articles, and suggestion tickets. However, none of the proposed "workarounds" address the core problem. The limitation on product creation at the organizational level remains unresolved, and it’s not clear why this is not being prioritized as a feature (for all pricing plans).

Don’t get me wrong—any solution is better than none. However, I strongly believe that these shadow IT challenges should be properly addressed by Atlassian.

Like
Rodrigo B_
Rodrigo B_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 18, 2024

Just a thought and eager to hear from someone that has tried or is willing to try it:

Some companies manage the web browser used by their employees, this is an example of how you can blocklist certain URLs using Chrome: https://support.google.com/chrome/a/answer/7532419?hl=en#zippy=%2Clinux

Would that be a viable option, is it available for other browsers? Looking forward to hearing (reading?) from the community!

Like
Darryl Lee
Darryl Lee
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 18, 2024

Option 3: Atlassian fixes their broken funnel/sign-in process 😾

I mean, sorry. I think they're TRYING, at least with Jira:

Screenshot 2024-12-18 at 4.20.14 PM.png

Screenshot 2024-12-18 at 4.22.11 PM.png

Which I guess might explain why I'm seeing fewer accidental Jira sites and more Confluence, as Confluence does not have such pop-up/suggested site:

Screenshot 2024-12-18 at 4.24.37 PM.png

But @Rodrigo B_ and @Mithun R K if you guys work on Guard, I'm sorry. I've come around to believe this isn't really your fault or responsibility. Yes, Product Request feature is part of Guard for Enterprise, but this isn't Shadow IT. As I've mentioned before, this is Accidental IT (#accidentalit).

These people are just trying to log into sites they already have access to.

Anyways, I already wrote up my proposal:

If you want to have people stop complaining about Atlassian Guard for Enterprise being too expensive and how this feature should be available to everyone even without Guard, I'd recommend you forward this to whomever manages the webpages above, and get them to fix it in their product (Which I guess is MARKETING/New Accounts. Good luck, we know how important sign-ups are!)

Like # people like this
Gary Spross
Gary Spross
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 18, 2024

Our biggest issue with this is that Atlassian Guard charges for billable users. If a managed account, that is not licensed to any products, decides to create a Jira, Confluence, Trello, etc. site on their own, suddenly they become a billable user. Without being on an Enterprise plan for each product, there is no way to stop this. We also have no way to access these rogue sites, so it requires reactive communication instead of a proactive approach of not allowing the user to make this mistake (or go rogue) in the first place.

Like Rudy Holtkamp likes this
Rudy Holtkamp
Rudy Holtkamp
Contributor
December 19, 2024

This issue must be addressed at its source. It is futile to combat all the symptoms; that is akin to a Dutch saying: mopping the floor with the tap running. Which is like playing whack-a-mole a.k.a pointless. 

Like Darryl Lee likes this

Comment

Log in or Sign up to comment
Mithun R K

Mithun R K

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

1 post

View profile
Atlassian logo
Atlassian Guard
TAGS
AUG Leaders

Atlassian Community Events

    See all events