Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Security Setttings for Users from a non managed domain

Tim Lloyd
Tim Lloyd August 2, 2020

Hi, i have configured Atlassian access and claimed my company's managed domain, all working great with SSO.

Using Jira and Confluence.

However we have around 30% of the users who are from non managed domains external to our own. I cant find where to set password settings to enforce access limitations. It seems the only place i can only applies to our managed users.

Documentation doesn't seem to match new admin skin and menu options.  I would appreciate any assistance. 

Tim

Answer
Watch
Like Be the first to like this
1211 views

2 answers

1 vote
WPG
WPG March 4, 2022

I can understand if a user is logging in using another identity provide i.e., "Continue with Microsoft". What I can-not fathom is not having control over the password polices for users who are setting a password that is being stored at Atlassian identity provider. Especially since account minimum passwords are 8 characters and Atlassian does not enforce any other requirements around resets or expiration. This is completely unconscionable and needs to be addressed immediately and not in the next 12 to 18 months.

View More Comments
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 4, 2022

Hi @WPG ,

We've made quite a bit of progress since my comment from 18 months ago. The guidance on our public roadmap for this capability is Q2-Q3 of calendar year 2022.

Like David Rayner likes this
kurby
kurby June 24, 2022

 @Dave Meyer    I don't see any updates on the roadmap, can you provide specific details? Also note I am unable to find a means to list the unmanaged users. Can you direct me there as well.

Like Tim Lloyd likes this
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 24, 2022

@kurby we renamed the item on our roadmap to be more clear, apologies that the original link no longer worked. Attached is a screenshot from the roadmap as of this month. We suffered some delays as we focused portions of our team on reliability improvements and are currently expecting to offer an initial solution towards the end of this calendar year.

Screen Shot 2022-06-24 at 1.10.25 PM.png

 

There is not currently a way to explicitly see a list of all "unmanaged" users in your organization. We define an "unmanaged" user as a user who has access to one of your Jira or Confluence product that is not a managed account. There are instructions here for exporting users with product access to one of your products, and from that point you can filter out the users that are managed accounts based on their email address. https://support.atlassian.com/organization-administration/docs/export-users-from-a-site/

Like Tim Lloyd likes this
kurby
kurby June 24, 2022

@Dave Meyer Thank you

Like Tim Lloyd likes this
Reply
1 vote
Dave Meyer
Dave Meyer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
August 2, 2020

Hi @Tim Lloyd ,

Unfortunately we currently don't provide any capabilities for enforcing security policies on unmanaged users (especially since those users could be on domains managed by another organization enforcing their own security policies).

We're aware of the issue and we do plan to introduce some capabilities here in the next 12-18 months. You can track https://jira.atlassian.com/browse/ACCESS-102 for updates.

Dave

Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
DEPLOYMENT TYPE
CLOUD
TAGS
AUG Leaders

Atlassian Community Events

    See all events