Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unknown persons entering our cloud site- how to secure?

Friendly Giant
Friendly Giant April 13, 2021

On our cloud location a few unknown persons entered,  which were self-created and counted as users. These were from 2 different domains

The persons themselves we re not aware (they were in the domain which was defiend, but were not invited and did not have any stake in the project).

with 1 'unwanted'user i found out how it happened:

******quote

Hi Getjan,

Apologies for the issue. I was attempting to log into my corporate site but was redirected to the standard Jira log in. It had been a while since I had logged in, so I accidentally went to the wrong login (standard login rather than our corporate login). Once I chose Access Using Company, I had the option to choose two groups. This was odd to me but as I have recently returned from an extended leave, and our login is all controlled by our corporate account, I thought perhaps I had to reregister. Once I logged in using my corporate email, I was redirected to an admin screen to choose which group I wanted to log in with. I chose the available group, but it redirected me to your site. As soon as I realized this occurred, I immediately logged out. If you would like to remove me from your site, that would be great. Our email accounts apparently allow access to your site if we register using our corporate account.

******unquote

 

How can we secure this that corporate users are offered only their corporate accound?

 

Answer
Watch
Like Peter Freyler likes this
518 views

1 answer

1 accepted

0 votes
Answer accepted
Angélica Luz
Angélica Luz
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 15, 2021

Hello @Friendly Giant,

Thank you for reaching out to Atlassian Community!

On Cloud sites, it’s possible to allow people to create accounts. You can allow specific domains, any domains, or no domain. 

To check if your site is open for people to create accounts, please go to Cog icon > User management > Site access. 

Screen Shot 2021-04-15 at 14.50.19.png

Testing here, it doesn’t seem that it’s open.

Once I chose Access Using Company, I had the option to choose two groups.

I believe that they are talking about admin.atlassian.com and the groups are the same as organizations. 

On your site, I can see only one user with a different domain.

Also, another thing I saw is that, you are Org admin of two Organizations and one of them has two other users with a different domain. If that was the case, they don’t have access to your products because the products are under another organization.

If you still have their contact, if possible, confirm with them what page they were redirected to. If possible, share with us a screenshot, just make sure to hide private information.

Kind regards,
Angélica

View More Comments
Friendly Giant
Friendly Giant April 19, 2021

Mil Gracias Angélica for feedback, there is no real break because i remoived them;  but i wanted to know how this came about and whether it is expected behavior; which is the case here. . ✨🎈

Like Angélica Luz likes this
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

    See all events