Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,551,850
Community Members
 
Community Events
184
Community Groups

Atlassian Access: External Users that are not part of our domain

Jackson Lum
Jackson Lum Aug 08, 2018

Hi,

We are interested in using Atlassian Access SSO. My organization is ACME.COM. So anyone with the email XXX@acme.com will be able to authenticate. We have a need to collaborate with external users that are not part of our domain. What are my options?

In reading the documentation online, I found:

"You can give access to users with Atlassian accounts from domains that you don't own, such as sarah@vendor.com, but those users won't be subject to the Atlassian Access policies you've set."

Is there any additional documentation related to my inquiry? I am thinking that the only option I have is setting those user up with acme.com domain accounts and password so that they could be authenticated. Is there an option for the external users to purchase their own licenses and then logon to my JIRA and Confluence Cloud?

Answer
Watch
Like # people like this
5014 views

2 answers

1 accepted

5 votes
Answer accepted
K_ Yamamoto
K_ Yamamoto
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 13, 2018 • edited Aug 27, 2018

Hi Jackson,

Even after your turning on the Atlassian Access, the external users who don't have *@acme.com domain still can use your site if you are ok that these external users are not under the control of Atlassian Access which means, for example, you cannot enforce the password policy to these users.

As for authentication flow, please refer my community post at Is it possible to use a mix of Atlassian and SAML accounts?.

View More Comments
Philipp Hildebrandt
Philipp Hildebrandt Feb 04, 2020

Hi,

so do I understand you correctly?

  • I want to secure my JIRA-Account with 2-factor-authentication - this option will only take effect to my own domain-accounts?
  • Our guest-accounts are still using unsecure logins (without 2FA)?

What's the solution for that problem?

  • Do I have to create Account for them within my company / domain?

I will give you an example for the challange:

  • 2 internal users
    • peter@mydomain.com
    • sally@mydoamain.com
  • 1 external user
    • donald@externaldomain.com

Using Atlassian Access will only take effekt to Peter and Sally.
Donald can still log in to my JIRA project with his Atlassian-Account (password: duck)
==> maximum unsecure! => I can not force him to user 2FA or strong password?

The solution?

  • create account donald@mydomain.com
    • so Donald has two Atlassian-Accounts
      • one normal which is not really secure
      • one "mydomain"-Account which is using 2FA and forced password guidline
Like K_ Yamamoto likes this
Like
K_ Yamamoto
K_ Yamamoto
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Feb 17, 2020

Hi @Philipp Hildebrandt - Sorry for being late to reply. Yes, you understand correctly. Also, I'd do the same for Donald as a workaround.

Like # people like this
Reply
0 votes
Jackson Lum
Jackson Lum Aug 13, 2018

@Rodrigo B_, I have looked thru other community posts and couldn't find a definite answer on this. Would you be able to confirm that the only option I have is setting those user up with acme.com domain accounts and password so that they could be authenticated?

View More Comments
Rodrigo B_
Rodrigo B_
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 14, 2018

Hi Jackson,

I see Kenta answered your question, since it's accepted, I will just wish you a great day ahead!

Thanks,

Rodrigo Becker

Like
Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events