Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Collaborate more securely with External User Security: GA release now live

We are excited to announce the general availability (GA) of the external user security feature. It is now available to all customers with a subscription to Atlassian Access. Learn more about Atlassian Access.


External user security enables you to apply security controls to users who collaborate with your company but who you don’t manage in your Atlassian organization.

  • Two-step verification: An extra security step is enforced when external users try to access your organization’s Atlassian products. They are required to verify their identity every seven (7) days by entering a temporary one-time password sent to their email address.

  • API token access: When you block API token access for external users, they are unable to use API tokens to access the products through product APIs. Learn more about API tokens.

Note that these security settings are also applied on external Confluence Guests. Learn more about Confluence Guests.

The GA experience has just started rolling out so you can expect to see this feature in Atlassian Administration ( within the next few weeks.

In response to customer feedback, we’ve also prioritized single sign-on (SSO) enforcement and the ability to edit the verification frequency as future capabilities for the external user security feature. You can keep track of these and other future enhancements on our Cloud roadmap.

If you previously used external user security during the early access program (EAP), thank you for being a part of bringing this feature to life! And if you’re new to external user security, we hope you find it valuable to securely collaborate with your external teammates. Learn more about the feature in our support documentation.



Log in or Sign up to comment
Dan Tombs
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
July 10, 2023

Hey @Bhavya Nag 


Thanks for the spreading the news. I have some questions regarding some of the features with external users.

In regards to the exporting of external users, are you planning on providing additional information like what sites & products they may have access to? Whether they are part of any groups? We do quarterly audits and I think it would be great to understand if access has changed for users between audits.


Another thing I wanted to ask was also whether any of the external user management will be available through APIs?

Bhavya Nag
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 12, 2023

Hi @Dan Tombs , thanks for sharing your feedback! We will keep it in mind for future enhancements to the external user security feature. 

With regard to APIs for external user management, were you referring to configuring external user security settings via APIs or something else?

If you'd be interested in discussing your requirements with regard to external user administration in more detail, please email me at

Y. Oezl July 19, 2023


Thanks for sharing this new feature with us. 

This system doesn't seem to be working quite right.

Question: Who are these external users?
Answer: Every user who is not registered in my directory, it means an external/guest user for me.

I made a list. There are 750 people in my company who are not registered in the directory (They all have a licence), but your new system shows that there are 246 people.

Where did the remaining 504 people go? Why are these people not registered as a guest/external?

Also, I still cannot apply "Authentication policy" for these people.

Thank you.

Bhavya Nag
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 24, 2023

Hi @Y. Oezl , thanks for reaching out. 

External users are those that collaborate on your Atlassian Cloud products but whose accounts are not managed under your Atlassian organization. You can find more details with examples in our support documentation.

The number that you see on the "External users" screen specifies the number of external users that have access to at least one of your organization's Atlassian products. So it's likely that the reason for the difference you're seeing is that some external users in your directory do not have access to any products. 

With regard to your other question: if you're referring to the Authentication Policies functionality, that is applicable only to your managed accounts. The external user security settings described in this article are applicable to external users when you turn these settings on

If you have additional questions, please email me at

YY哥 Yang October 29, 2023

Hi @Bhavya Nag 


As we know, there are two types of directories: one is local directory and the other is identity provider directory. Both of them are for managed accounts. 

As for the context of external users or unmanaged users, what's the directory of external users then?

It seems external users are unmanaged users. Are the two concepts the same or what's their difference if not?




Bhavya Nag
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 30, 2023

Hi @YY哥 Yang ,

External users are those that are not managed under your Atlassian organization but who collaborate on your Atlassian Cloud products. These may be unmanaged users or users that are managed by a different Atlassian organization. See our documentation for more detail.



Jan-Cees van Buiten May 21, 2024

@Bhavya Nag This is a good step, but as you probably know, 2FA via email is not considered very safe. What are your plans of including other options, like an authenticator app (TOTP) like MS Authenticator, Google Authenticator, ...?

AUG Leaders

Atlassian Community Events