Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Can I enable automatic approval of new users, but only give them site only access?

I am looking for a way to get internal customers onboarded into our service desk while accessing it via Okta. I've got the Okta piece in place and functioning and Site Access settings I have it set to approve our email domain. On the product access side, I have all Atlassian products turned off for new users in the hopes that a new user onboarding themselves can just be added with site access so that they can immediately access the service desk portal.

I did find that if I give access to a single product inside of product settings for new users then an approval request is not required. My issue with this is that internal customers are not going to land on the service desk portal page, but the page for the product they've been licensed for and I still have to come back around and clean up the license.

Is there a way around this limitation? It would be extremely helpful in getting internal customers into the portal vs just sending requests to the service desk via email. If there's another way I should be loading customers into the service desk portal please let me know.


Thanks in advance.

1 answer

Hello, Chris.

By default with Jira Service Desk in Cloud the opposite is the norm - customers in Service Desk are authenticated completely separately from Atlassian ID/Atlassian Access/SAML (your connection OKTA) with password-based credentials and if your customer happens to have an Atlassian ID (e.g. in your organisation) you need to explicitly (and manually!) migrate their JSD record to an Atlassian account in<your org id>/jira-service-desk/portal-only-customers

As such, I believe what you are after is not currently possible without some programmatic way via JSD API (

Some customers have configured a public Service Desk project, available anonymously for the sole purpose of raising a request (thus creating a customer record) to trigger some further automation.

There is a user created webhook in Jira, and based on relatively recent comment in it should fire, though it's not clear to me if the user must be given access to Jira product in this case.

Since you mention OKTA, you must be using Access, so theoretically you can poll your organisation's users regularly too via Access API ( but that needs Access token that expires every 7 days, which hardly makes it automatic.

Consider all of the above as "thoughts out loud", some originally in the context of Cloud roadmap for our UserManagement product (currently available only on Server and DC). I am happy to be proven wrong and would welcome anyone to point a better way?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Atlassian Access

Atlassian Access Demo Q&A Recap

Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...

1,144 views 4 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you