Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Enforcing Policies for External users from other Atlassian Orgs

Rebekka Heilmann _viadee_
Rebekka Heilmann _viadee_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 5, 2024

Following scenario:

I am Org Admin of OurOrg. We have Access and enforce SSO for our AD/Managed Accounts. External Users require 2FA
Our Customer has similar settings in their Org, CusOrg, also using Access.
We work together closely. Some of their Users are accessing our Confluence as Guest Users. I am also Org Admin & User in their Atlassian products.


When I log into their products, I would have expected to fall under their External User policies. However, I don't need to reauthenticate, as our policies seem to apply. The other way around, their users will authenticate against their IDP when accessing our Confluence.

It seems like the Managed Users will always fall under their Home Org Authentication policies.

That's fine in our case, as we have similar restricted policies. I am wondering what would happen, if either of the Orgs had less "safe" policies.

I couldn't find any official documentation on this behaviour.

Answer
Watch
Like charlotte.mylendorf likes this
154 views

2 answers

2 accepted

1 vote
Answer accepted
Rebekka Heilmann _viadee_
Rebekka Heilmann _viadee_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
January 24, 2024

With extended test period it now makes more sense.

In my case, I am authenticated in our Org (with SSO) and then have to enter a 2F (as configured in the External policy) when I access their Org.

So works as expected I would say. Just a bit confusing and not really explained well in any documentation.

Reply
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events