We are interested in using Atlassian Access SSO. My organization is ACME.COM. So anyone with the email XXX@acme.com will be able to authenticate. We have a need to collaborate with external users that are not part of our domain. What are my options?
In reading the documentation online, I found:
"You can give access to users with Atlassian accounts from domains that you don't own, such as email@example.com, but those users won't be subject to the Atlassian Access policies you've set."
Is there any additional documentation related to my inquiry? I am thinking that the only option I have is setting those user up with acme.com domain accounts and password so that they could be authenticated. Is there an option for the external users to purchase their own licenses and then logon to my JIRA and Confluence Cloud?
Even after your turning on the Atlassian Access, the external users who don't have *@acme.com domain still can use your site if you are ok that these external users are not under the control of Atlassian Access which means, for example, you cannot enforce the password policy to these users.
As for authentication flow, please refer my community post at Is it possible to use a mix of Atlassian and SAML accounts?.
so do I understand you correctly?
What's the solution for that problem?
I will give you an example for the challange:
Using Atlassian Access will only take effekt to Peter and Sally.
Donald can still log in to my JIRA project with his Atlassian-Account (password: duck)
==> maximum unsecure! => I can not force him to user 2FA or strong password?