Preventing Users to invite others, is it possible?

Yanis
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
November 18, 2018

Hi,

I want to Prevent/Disable the option from newly invited users to invite others during the first Setup process of the newly invited user. How can I achieve that.

I already unchecked this option from User settings, but yet, this option still exists via the first invitation link and wizard.

7 answers

2 votes
Rachmad Kusairi January 19, 2021

I don't know it will be related or not, but I want to know, how to disable the "Invite Team" menu from the project?

Screenshot from 2021-01-20 11-43-27.png

it turns out, the non-administrator could invite other people and get the license.

jennifer.sewell
Contributor
August 6, 2021

I am experiencing this same issue.  Non admins can sent invite emails to anyone with this option, even though the site admin allow users to invite is turned off.  This is very bad!

Like # people like this
Adam Sterrie
Contributor
May 30, 2022

This sounds like a huge information security loophole and a nightmare for Jira Admins that work for organisations that are careful about information security.
Surely "Invite team" should mean just that and not "Invite anyone in the world to team and give them a license as well"!
Is anyone in Atlassian responsible for closing security loopholes to whom we could forward this issue?

Like EKP likes this
1 vote
David Sloane February 23, 2019

I have a similar problem, with users who are definitely not site admins, inviting other users to join Confluence.

This generates emails to admins like this:

Subject: Someone wants to invite another user to Confluence

Body:
The user [person1]@[domain] needs access to Confluence

[person 2] wants to invite [person1]@[domain], so they can both work on x.atlassian.net. You can approve access requests from your Site administration.

{etc.}

Can this feature be disabled?

I've seen this question asked in several forums, but no clear answer for Confluence Cloud

Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 25, 2019

There's a new feature now that allows you to add trusted users to invite other users:

Screen Shot 2019-02-25 at 12.16.48 PM.png

Can you have a look and let me know what sort of permissions Person 2 has there?

Do you know what they did to trigger the invite email specifically?

Regards,

Shannon

David Sloane February 26, 2019

Thanks for the feedback!

That Invite/Edit/Add page refers to permissions, which I don't see anywhere in the user management interface.

Person 2 is an external, non-staff user, with limited permissions. I don't know what they're doing, to generate this invitation.

Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 1, 2019

David,

The permissions are available in Site Administration > User management > Users. When you click Show details next to the user, you'll see under Roles on the left which role they have.

Screen Shot 2019-03-01 at 2.27.26 PM.png

Can you have a look and confirm that you see that?

Take a look at what role you have set for that user, and confirm with me what permissions you have set for them. I assume by "external" user you don't mean external to Confluence, but a licensed internal Confluence user which is external to your organization. Can you confirm?

Regards,

Shannon

Like Chris Whitten likes this
John Bevan
Contributor
March 27, 2019

Note: There seem to be different meanings of "Invite a user, which may be causing some confusion.

- When an administrator adds a new user, that's called inviting the user; as it sends a mail to that user for them to setup their own account.

- When an existing (non-admin) user invites a user they're asking that the user be given access / it results in the administrators being prompted to approve the access request.

I believe this question's referring to the latter scenario.

Like # people like this
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 1, 2019

John,

Thank you so much for pointing that out! 

David, in that case, are the users themselves getting an invitation email, or is only the admin getting an email to approve access request? Can you show me what that email looks like for you?

Regards,

Shannon

Like John Bevan likes this
Marika Trygg
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
April 8, 2019

Hi @Shannon S ,

I have the same question as Yanis and David.

I've used the Basic Role when inviting new users, the "Users can invite others" in Site Settings is unticked.

STILL, as a new user to that Confluence Cloud instance, the first step in my "Start up Confluence"-routine, I'm prompted to add emails beneath the question "Who's on your team?".

Is there anyway to detach this first step as a new user? Or does that step override all user management settings?

Best regards,

Marika

Like David Sloane likes this
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 9, 2019

Hello Marika,

Thank you so much for your description. I realize now that it was this bug we reported, which turned out to be an expected behavior:

  • ID-6734 Disabling the _Users can invite others_ tickbox still allows regular users to invite other people

I've found the following request to disable this option below:

  • CONFCLOUD-65155 Disable the option to invite team members on the first login

@Yanis, my apologies for not realizing that this was the specific feature you were referring to.

The best thing we can do for this is to vote on the CONFCLOUD request which is still open. I will comment there with this thread so the developers will be able to see the feedback.

You can also submit your feedback directly from the menu within your Cloud instance, by clicking on your profile photo:

Screenshot 2019-04-09 at 16.30.12.png

This will be sent directly to the development team for their consideration.

Thank you and take care!

Regards,

Shannon

Muhammad Noman
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 28, 2019

Hi Shannon 

 

What was the outcome for this issue ? Was it resolved ? 

I am also facing same issue, people who are not administrators are able to invite new people on jira.

what is the step by step procedure to stop users for inviting further other users ?

 

Thank you in anticipation. 

Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 28, 2019

Muhammad,

Welcome to Atlassian Community! It's nice to meet you.

In my last reply, I mentioned that it was expected behavior, which was mentioned here:

  • ID-6734 Disabling the _Users can invite others_ tickbox still allows regular users to invite other people

And I found the following request to disable this option below:

  • CONFCLOUD-65155 Disable the option to invite team members on the first login

You can vote on the request above and you will be automatically added to the list of watchers.

Let me know if you have any questions!

Regards,

Shannon

Muhammad Noman
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 28, 2019

Thank you. 

Like Shannon S likes this
Jonathan Cogley
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 2, 2020

Wow.  This means that I can't use Confluence for my Partner Portal project because I don't want partners to be able to invite others (even if they don't get approved) - it is just unprofessional.

This is so disappointing when basic things don't work and then don't get fixed.

This sort of thing makes it very hard to be a champion for Atlassian. :(

Like # people like this
Noah Reddell
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 3, 2020

I agree this is obnoxious.  

This inundation of "invited_user_A wants some_uninvited_colleague to join Confluence so they can work together. Here's some more information about them" messages is making my Atlassian administration experience miserable and confusing my users.

It is a shame this issue has not received attention.

Like # people like this
0 votes
Sasi Vijayakumar
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 2, 2024

There are 4 options from Admin-> products -> user access settings.

Invite anyone, Invite approved domains, Require admin approval, Don’t allow invites

support documentation 

0 votes
Douglas Maia
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
August 2, 2022

Through an option on the settings site it is possible to restrict users from inviting others:

configuracao-confluence.png

Mark J Cunningham
Contributor
August 2, 2022

Even when that is not checked, I still see loads of invites that can be generated by all roles of users

0 votes
Mark J Cunningham
Contributor
July 29, 2022

It is not the pure "invite user" as per site-admin

 

Its the way Basic users even when Invite user is switched off can generate a different invite.

It basically means that switching off invite users does absolutely nothing to stop rouge invites.

 

This is not a "feature", or any kind of expected behavior - it is a risk and potential security breach

this bug we reported, which turned out to be an expected behavior:

0 votes
Mark J Cunningham
Contributor
July 7, 2022

There are different "Invite users"

Site-admin get the Invite users button, which you can add people to groups as well

Conf users (basic no added privileges) can invite users via Share page

Jira users  (basic no added privileges) can invite users via Share

 

There should be a setting to stop shares to outside of those who already have an Atlassian account, else you end up being spammed with invite requests, which is even more annoying as then they are added sans groups, so you have to go back into each one and add them to the relevant groups.

0 votes
Shannon S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 23, 2018

Hi Yanis,

Any users that you have added to the site-admins group should have the ability to invite other users. If you do not want specific users to have this ability, then you will want to remove them as a site-admin.

Can you let me know if that's not the case and what issue you're having exactly with the invite user prompt?

Regards,

Shannon

Mark J Cunningham
Contributor
August 2, 2022

email comes in like

Summary: <basic user with no admin rights> invited <invited user> to your Atlassian site

<basic user with no admin rights> invited <invited user> to your Atlassian site
Hi Mark J Cunningham,
<basic user with no admin rights> (<basic user with no admin rights email address>) has invited <invited user> to work with your team. Here's some more information about them:
<invited user>
<email address>
New user at <site>
View profile
View your invite settings


According to setting this should not be possible:

CaptureIL.PNGCaptureUI.PNG

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events