Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,296,425
Community Members
 
Community Events
165
Community Groups

Security Setttings for Users from a non managed domain

Hi, i have configured Atlassian access and claimed my company's managed domain, all working great with SSO.

Using Jira and Confluence.

However we have around 30% of the users who are from non managed domains external to our own. I cant find where to set password settings to enforce access limitations. It seems the only place i can only applies to our managed users.

Documentation doesn't seem to match new admin skin and menu options.  I would appreciate any assistance. 

Tim

2 answers

I can understand if a user is logging in using another identity provide i.e., "Continue with Microsoft". What I can-not fathom is not having control over the password polices for users who are setting a password that is being stored at Atlassian identity provider. Especially since account minimum passwords are 8 characters and Atlassian does not enforce any other requirements around resets or expiration. This is completely unconscionable and needs to be addressed immediately and not in the next 12 to 18 months.

Dave Meyer Atlassian Team Mar 04, 2022

Hi @WPG ,

We've made quite a bit of progress since my comment from 18 months ago. The guidance on our public roadmap for this capability is Q2-Q3 of calendar year 2022.

 @Dave Meyer    I don't see any updates on the roadmap, can you provide specific details? Also note I am unable to find a means to list the unmanaged users. Can you direct me there as well.

Like Tim Lloyd likes this
Dave Meyer Atlassian Team Jun 24, 2022

@kurby we renamed the item on our roadmap to be more clear, apologies that the original link no longer worked. Attached is a screenshot from the roadmap as of this month. We suffered some delays as we focused portions of our team on reliability improvements and are currently expecting to offer an initial solution towards the end of this calendar year.

Screen Shot 2022-06-24 at 1.10.25 PM.png

 

There is not currently a way to explicitly see a list of all "unmanaged" users in your organization. We define an "unmanaged" user as a user who has access to one of your Jira or Confluence product that is not a managed account. There are instructions here for exporting users with product access to one of your products, and from that point you can filter out the users that are managed accounts based on their email address. https://support.atlassian.com/organization-administration/docs/export-users-from-a-site/

Like Tim Lloyd likes this
Like Tim Lloyd likes this
1 vote
Dave Meyer Atlassian Team Aug 02, 2020

Hi @Tim Lloyd ,

Unfortunately we currently don't provide any capabilities for enforcing security policies on unmanaged users (especially since those users could be on domains managed by another organization enforcing their own security policies).

We're aware of the issue and we do plan to introduce some capabilities here in the next 12-18 months. You can track https://jira.atlassian.com/browse/ACCESS-102 for updates.

Dave

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Atlassian Access

Atlassian Access Demo Q&A Recap

Hi Community! Thank you to all who joined our ongoing monthly Atlassian Access demo! We have an engaging group of attendees who asked many great questions. I’ll share a recap of frequently ask...

1,143 views 4 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you