On our cloud location a few unknown persons entered, which were self-created and counted as users. These were from 2 different domains
The persons themselves we re not aware (they were in the domain which was defiend, but were not invited and did not have any stake in the project).
with 1 'unwanted'user i found out how it happened:
Apologies for the issue. I was attempting to log into my corporate site but was redirected to the standard Jira log in. It had been a while since I had logged in, so I accidentally went to the wrong login (standard login rather than our corporate login). Once I chose Access Using Company, I had the option to choose two groups. This was odd to me but as I have recently returned from an extended leave, and our login is all controlled by our corporate account, I thought perhaps I had to reregister. Once I logged in using my corporate email, I was redirected to an admin screen to choose which group I wanted to log in with. I chose the available group, but it redirected me to your site. As soon as I realized this occurred, I immediately logged out. If you would like to remove me from your site, that would be great. Our email accounts apparently allow access to your site if we register using our corporate account.
How can we secure this that corporate users are offered only their corporate accound?
Hello @Friendly Giant,
Thank you for reaching out to Atlassian Community!
On Cloud sites, it’s possible to allow people to create accounts. You can allow specific domains, any domains, or no domain.
To check if your site is open for people to create accounts, please go to Cog icon > User management > Site access.
Testing here, it doesn’t seem that it’s open.
Once I chose Access Using Company, I had the option to choose two groups.
I believe that they are talking about admin.atlassian.com and the groups are the same as organizations.
On your site, I can see only one user with a different domain.
Also, another thing I saw is that, you are Org admin of two Organizations and one of them has two other users with a different domain. If that was the case, they don’t have access to your products because the products are under another organization.
If you still have their contact, if possible, confirm with them what page they were redirected to. If possible, share with us a screenshot, just make sure to hide private information.
Did you know Atlassian Access offers more than SAML single sign-on for Atlassian cloud products, like Jira and Confluence? Whether you're just starting to plan for your organization or in the pr...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events