Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,458,977
Community Members
 
Community Events
176
Community Groups

Preventing Users to invite others, is it possible?

Hi,

I want to Prevent/Disable the option from newly invited users to invite others during the first Setup process of the newly invited user. How can I achieve that.

I already unchecked this option from User settings, but yet, this option still exists via the first invitation link and wizard.

6 answers

I don't know it will be related or not, but I want to know, how to disable the "Invite Team" menu from the project?

Screenshot from 2021-01-20 11-43-27.png

it turns out, the non-administrator could invite other people and get the license.

I am experiencing this same issue.  Non admins can sent invite emails to anyone with this option, even though the site admin allow users to invite is turned off.  This is very bad!

Like # people like this

This sounds like a huge information security loophole and a nightmare for Jira Admins that work for organisations that are careful about information security.
Surely "Invite team" should mean just that and not "Invite anyone in the world to team and give them a license as well"!
Is anyone in Atlassian responsible for closing security loopholes to whom we could forward this issue?

0 votes

Through an option on the settings site it is possible to restrict users from inviting others:

configuracao-confluence.png

Even when that is not checked, I still see loads of invites that can be generated by all roles of users

It is not the pure "invite user" as per site-admin

 

Its the way Basic users even when Invite user is switched off can generate a different invite.

It basically means that switching off invite users does absolutely nothing to stop rouge invites.

 

This is not a "feature", or any kind of expected behavior - it is a risk and potential security breach

this bug we reported, which turned out to be an expected behavior:

There are different "Invite users"

Site-admin get the Invite users button, which you can add people to groups as well

Conf users (basic no added privileges) can invite users via Share page

Jira users  (basic no added privileges) can invite users via Share

 

There should be a setting to stop shares to outside of those who already have an Atlassian account, else you end up being spammed with invite requests, which is even more annoying as then they are added sans groups, so you have to go back into each one and add them to the relevant groups.

I have a similar problem, with users who are definitely not site admins, inviting other users to join Confluence.

This generates emails to admins like this:

Subject: Someone wants to invite another user to Confluence

Body:
The user [person1]@[domain] needs access to Confluence

[person 2] wants to invite [person1]@[domain], so they can both work on x.atlassian.net. You can approve access requests from your Site administration.

{etc.}

Can this feature be disabled?

I've seen this question asked in several forums, but no clear answer for Confluence Cloud

Shannon S Atlassian Team Feb 25, 2019

There's a new feature now that allows you to add trusted users to invite other users:

Screen Shot 2019-02-25 at 12.16.48 PM.png

Can you have a look and let me know what sort of permissions Person 2 has there?

Do you know what they did to trigger the invite email specifically?

Regards,

Shannon

Thanks for the feedback!

That Invite/Edit/Add page refers to permissions, which I don't see anywhere in the user management interface.

Person 2 is an external, non-staff user, with limited permissions. I don't know what they're doing, to generate this invitation.

Shannon S Atlassian Team Mar 01, 2019

David,

The permissions are available in Site Administration > User management > Users. When you click Show details next to the user, you'll see under Roles on the left which role they have.

Screen Shot 2019-03-01 at 2.27.26 PM.png

Can you have a look and confirm that you see that?

Take a look at what role you have set for that user, and confirm with me what permissions you have set for them. I assume by "external" user you don't mean external to Confluence, but a licensed internal Confluence user which is external to your organization. Can you confirm?

Regards,

Shannon

Like Chris Whitten likes this

Note: There seem to be different meanings of "Invite a user, which may be causing some confusion.

- When an administrator adds a new user, that's called inviting the user; as it sends a mail to that user for them to setup their own account.

- When an existing (non-admin) user invites a user they're asking that the user be given access / it results in the administrators being prompted to approve the access request.

I believe this question's referring to the latter scenario.

Like # people like this
Shannon S Atlassian Team Apr 01, 2019

John,

Thank you so much for pointing that out! 

David, in that case, are the users themselves getting an invitation email, or is only the admin getting an email to approve access request? Can you show me what that email looks like for you?

Regards,

Shannon

Like John Bevan likes this

Hi @Shannon S ,

I have the same question as Yanis and David.

I've used the Basic Role when inviting new users, the "Users can invite others" in Site Settings is unticked.

STILL, as a new user to that Confluence Cloud instance, the first step in my "Start up Confluence"-routine, I'm prompted to add emails beneath the question "Who's on your team?".

Is there anyway to detach this first step as a new user? Or does that step override all user management settings?

Best regards,

Marika

Like David Sloane likes this
Shannon S Atlassian Team Apr 09, 2019

Hello Marika,

Thank you so much for your description. I realize now that it was this bug we reported, which turned out to be an expected behavior:

  • ID-6734 Disabling the _Users can invite others_ tickbox still allows regular users to invite other people

I've found the following request to disable this option below:

  • CONFCLOUD-65155 Disable the option to invite team members on the first login

@Yanis, my apologies for not realizing that this was the specific feature you were referring to.

The best thing we can do for this is to vote on the CONFCLOUD request which is still open. I will comment there with this thread so the developers will be able to see the feedback.

You can also submit your feedback directly from the menu within your Cloud instance, by clicking on your profile photo:

Screenshot 2019-04-09 at 16.30.12.png

This will be sent directly to the development team for their consideration.

Thank you and take care!

Regards,

Shannon

Hi Shannon 

 

What was the outcome for this issue ? Was it resolved ? 

I am also facing same issue, people who are not administrators are able to invite new people on jira.

what is the step by step procedure to stop users for inviting further other users ?

 

Thank you in anticipation. 

Shannon S Atlassian Team Jun 28, 2019

Muhammad,

Welcome to Atlassian Community! It's nice to meet you.

In my last reply, I mentioned that it was expected behavior, which was mentioned here:

  • ID-6734 Disabling the _Users can invite others_ tickbox still allows regular users to invite other people

And I found the following request to disable this option below:

  • CONFCLOUD-65155 Disable the option to invite team members on the first login

You can vote on the request above and you will be automatically added to the list of watchers.

Let me know if you have any questions!

Regards,

Shannon

Like Shannon S likes this

Wow.  This means that I can't use Confluence for my Partner Portal project because I don't want partners to be able to invite others (even if they don't get approved) - it is just unprofessional.

This is so disappointing when basic things don't work and then don't get fixed.

This sort of thing makes it very hard to be a champion for Atlassian. :(

Like # people like this

I agree this is obnoxious.  

This inundation of "invited_user_A wants some_uninvited_colleague to join Confluence so they can work together. Here's some more information about them" messages is making my Atlassian administration experience miserable and confusing my users.

It is a shame this issue has not received attention.

Like # people like this
0 votes
Shannon S Atlassian Team Nov 23, 2018

Hi Yanis,

Any users that you have added to the site-admins group should have the ability to invite other users. If you do not want specific users to have this ability, then you will want to remove them as a site-admin.

Can you let me know if that's not the case and what issue you're having exactly with the invite user prompt?

Regards,

Shannon

email comes in like

Summary: <basic user with no admin rights> invited <invited user> to your Atlassian site

<basic user with no admin rights> invited <invited user> to your Atlassian site
Hi Mark J Cunningham,
<basic user with no admin rights> (<basic user with no admin rights email address>) has invited <invited user> to work with your team. Here's some more information about them:
<invited user>
<email address>
New user at <site>
View profile
View your invite settings


According to setting this should not be possible:

CaptureIL.PNGCaptureUI.PNG

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events