Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Confluence
Questions
How can I avoid pages being shared with an external user?

How can I avoid pages being shared with an external user?

I do NOT want to grant access to anyone outside of our organization. Our instance of confluence is meant to be for internal access only.

On "Site access", I have selected "Anyone with one of the following email address domains can join:" and provided our company email domain.

I thought this would be good enough. However, if I share a page with a user on a different email domain, i.e. gmail.com. They receive an email that allows them to create an account and gain access to our site. This is NOT good.

FYI, I also have NOT enabled the following options:

- Users can invite others

- Allow anybody to share a link to Confluence

1 answer

1 accepted

0 votes

Answer accepted

@Werner Anders ,

Based on the information you provided, the external user would be able to Request an account, but unless that request was approved, they would not have access to your site.. You would need to ensure that your administrators are clear about your access policy/requirements.

Darryl

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks for your reply. In my test, it did not play out that way. The external user received an email sharing a link to a page. They clicked on that link and were navigated through setting up their account. Once they completed the account set up they were navigated to the site and had access. No administrator had to get involved.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

Interesting. I just recreated this scenario myself. This concerns me a great deal.

My system settings are even more restrictive than yours, in that they're set to Invitation Only. Unless it has to do with my being an administrator and sharing the page, this seems like a security hole as it's not expected behavior. I'm going to try sharing again with a non-administrator account.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

And that seems to be the answer.

When the non-administrator user Shared a page, it sent the request to the Administrator instead of directly to the person being shared with.

As long as your administrator users are trusted and informed, you should be alright with this.

Darryl

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Dara likes this

Thanks Darryl! I've confirmed the same on my end. It would be better if we could prevent users from sharing content with external users at all. In other words, don't even allow them to enter an email address that is outside of the organization's email domain.

This behaviour will work for now, but I would like to follow up with Atlassian to see if there is another setting that can prevent these requests in the first place.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Alison Huang likes this

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS