We have a use case where a user creates an Atlassian account and selects our Jira Work Management product. They are automatically added to the default JWM group jira-work management-users-xx. We have Okta enabled, which does prevent them from accessing any projects. However, we want to not allow users to automatically gain access. Is there some sort of approval that can be put in place or some other method that does not grant access to the default groups?
We have a use case where a user creates an Atlassian account and selects our Jira Work Management product. They are automatically added to the default JWM group jira-work management-users-xx
It sounds like you have an approved domain setup for the Jira Work Management product. Go to: admin.atlassian.com -> Products -> User Access Settings and check if you have JWM setup as a product for 'Any Domain' or your company domain.
You can do two things to help with this:
1. Change your approved domain for JWM to be 'Admin Approval' ticked as yes. This means that when a user tries to access your JWM product, they'll have a 'Request Access' screen presented to them. They can press the 'Request Access' button, which will notify your organisation admins that the user wants access to the product, and add that users into the Request Access list (to see this list, go to admin.atlassian.com -> products -> select the site -> Access Requests. You can approve or deny them access, approving access will put them into the default JWM product group.
2. Remove the approved domain for JWM and implement an external access request process. Jira Service Management would be good for that, or Zendesk or ServiceNow... Lots of products out there.
There's a whole other issue if you're looking to sync users from your IDP into the default groups... Let me know if that's what you're after?
-Kieren
Co-Founder @ Smol Software | Ex-Atlassian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.