You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
I have a question regarding access rights to different products in Atlassian. To grant user access to Atlassian we use Azure AD SSO.
We have three products. Confluence, Jira Software and Jira Service Management. And our team is planing to have more products in feature.
Because of this, I need to find a way to manage access to individual products. From what I understand every new user is added to all "Default access groups" and these groups are assigned to each product. So basically everyone has access to everything.
Is there a easy was how to manage this access individually? In the best way automatically
Yes, Atlassian provides a couple of ways to manage access to individual products for users in your organization:
1. Assign Product Roles: One way to manage access is by assigning product roles. An organization admin can assign a product role when inviting a new user or update an existing user's product role to give product access. You can also use groups to assign product roles, which grants access to all group members. However, do note that user access admins can only manage access for products they administer.
2. Using Groups: Another way to manage access is by using groups. You can create different groups to manage access for multiple users to multiple products at once. For example, you could create a group for 'Jira Software Users' and another for 'Confluence Users' and manage access accordingly. You can also use groups to apply in-product permissions, giving you more granular control
3. In-Product Permissions: This is an additional layer of access that gives you more granular control over specific areas. For example, you can limit a user’s access to specific Jira projects or confidential Confluence spaces https://support.atlassian.com/user-management/docs/how-does-product-access-work/.
Remember, the default behavior when a user is granted access to a product, they're automatically added to the product's default access group. You can change this behavior by using custom groups and managing access via those groups. Also, be aware of issues related to managing groups as user access admins can only grant or remove users access to products they administer https://support.atlassian.com/user-management/docs/troubleshoot-issues-related-to-managing-groups/.
For automation, you might want to look into Atlassian Access, which offers features such as automated user provisioning and de-provisioning, SAML single sign-on, enforced two-step verification, and more. These features can help streamline the management of user access across your Atlassian products https://www.atlassian.com/software/access.