Atlassian Access: External Users that are not part of our domain

Jackson Lum August 8, 2018

Hi,

We are interested in using Atlassian Access SSO. My organization is ACME.COM. So anyone with the email XXX@acme.com will be able to authenticate. We have a need to collaborate with external users that are not part of our domain. What are my options?

In reading the documentation online, I found:

"You can give access to users with Atlassian accounts from domains that you don't own, such as sarah@vendor.com, but those users won't be subject to the Atlassian Access policies you've set."

Is there any additional documentation related to my inquiry? I am thinking that the only option I have is setting those user up with acme.com domain accounts and password so that they could be authenticated. Is there an option for the external users to purchase their own licenses and then logon to my JIRA and Confluence Cloud?

2 answers

1 accepted

5 votes
Answer accepted
K_ Yamamoto
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 13, 2018

Hi Jackson,

Even after your turning on the Atlassian Access, the external users who don't have *@acme.com domain still can use your site if you are ok that these external users are not under the control of Atlassian Access which means, for example, you cannot enforce the password policy to these users.

As for authentication flow, please refer my community post at Is it possible to use a mix of Atlassian and SAML accounts?.

Philipp Hildebrandt February 4, 2020

Hi,

so do I understand you correctly?

  • I want to secure my JIRA-Account with 2-factor-authentication - this option will only take effect to my own domain-accounts?
  • Our guest-accounts are still using unsecure logins (without 2FA)?

What's the solution for that problem?

  • Do I have to create Account for them within my company / domain?

I will give you an example for the challange:

  • 2 internal users
    • peter@mydomain.com
    • sally@mydoamain.com
  • 1 external user
    • donald@externaldomain.com

Using Atlassian Access will only take effekt to Peter and Sally.
Donald can still log in to my JIRA project with his Atlassian-Account (password: duck)
==> maximum unsecure! => I can not force him to user 2FA or strong password?

The solution?

  • create account donald@mydomain.com
    • so Donald has two Atlassian-Accounts
      • one normal which is not really secure
      • one "mydomain"-Account which is using 2FA and forced password guidline
Like K_ Yamamoto likes this
Philipp Hildebrandt February 4, 2020

@K_ Yamamoto can you help me?

K_ Yamamoto
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 17, 2020

Hi @Philipp Hildebrandt - Sorry for being late to reply. Yes, you understand correctly. Also, I'd do the same for Donald as a workaround.

Like # people like this
0 votes
Jackson Lum August 13, 2018

@Rodrigo B_, I have looked thru other community posts and couldn't find a definite answer on this. Would you be able to confirm that the only option I have is setting those user up with acme.com domain accounts and password so that they could be authenticated?

Rodrigo B_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 14, 2018

Hi Jackson,

I see Kenta answered your question, since it's accepted, I will just wish you a great day ahead!

Thanks,

Rodrigo Becker

Jackson Lum August 14, 2018

Thanks @Rodrigo B_ and @K_ Yamamoto!

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events