Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,560,589
Community Members
 
Community Events
185
Community Groups

How can I avoid pages being shared with an external user?

I do NOT want to grant access to anyone outside of our organization.  Our instance of confluence is meant to be for internal access only.

On "Site access", I have selected "Anyone with one of the following email address domains can join:" and provided our company email domain.

I thought this would be good enough.  However, if I share a page with a user on a different email domain, i.e. gmail.com.  They receive an email that allows them to create an account and gain access to our site.  This is NOT good.

FYI, I also have NOT enabled the following options:

- Users can invite others

- Allow anybody to share a link to Confluence

1 answer

1 accepted

0 votes
Answer accepted
Darryl St_ Pierre
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Oct 28, 2019

@Werner Anders ,

Based on the information you provided, the external user would be able to Request an account, but unless that request was approved, they would not have access to your site.. You would need to ensure that your administrators are clear about your access policy/requirements.

Darryl

Thanks for your reply.  In my test, it did not play out that way.  The external user received an email sharing a link to a page.  They clicked on that link and were navigated through setting up their account.  Once they completed the account set up they were navigated to the site and had access.  No administrator had to get involved. 

Darryl St_ Pierre
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Oct 28, 2019

Interesting. I just recreated this scenario myself. This concerns me a great deal.

My system settings are even more restrictive than yours, in that they're set to Invitation Only. Unless it has to do with my being an administrator and sharing the page, this seems like a security hole as it's not expected behavior. I'm going to try sharing again with a non-administrator account.

Darryl St_ Pierre
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Oct 28, 2019

And that seems to be the answer.

When the non-administrator user Shared a page, it sent the request to the Administrator instead of directly to the person being shared with.

As long as your administrator users are trusted and informed, you should be alright with this.

Darryl

Like Dara likes this

Thanks Darryl!  I've confirmed the same on my end.  It would be better if we could prevent users from sharing content with external users at all.  In other words, don't even allow them to enter an email address that is outside of the organization's email domain. 

This behaviour will work for now, but I would like to follow up with Atlassian to see if there is another setting that can prevent these requests in the first place.

Like Alison Huang likes this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events