Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Customer Was Given Access

Clare Lawson March 17, 2023

Hello. I hope someone can help. An external customer somehow was given access to our Jira instance.  He was in there twice and I revoked him. How did this happen?  How can I see how he got access in the first place?  

7 answers

Suggest an answer

Log in or Sign up to answer
2 votes
Oday Rafeh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 17, 2023

@Clare Lawson 

To investigate how an external customer gained access to your Jira instance, follow these steps:

Check user invitation history in User Management.
Review project and group permissions.
Examine application access settings.
Look at the audit log under System > Audit Log.


To prevent unauthorized access in the future:

Regularly update user access permissions and group memberships.
Enable two-factor authentication (2FA).
Restrict access to specific IP addresses, if possible.

2 votes
Mamatha Dharmavaram March 17, 2023

Hi Clare,

Reason:

1. users can invite the external users through project level like when you are assign the issue, in that place you will get invite user option based on that user can invite the external user.

2. invite the user into the project level using people invite in the left bar.

3. Invite teammate or sharing the issue.

Solution:

As per my understanding, you want to restrict the users cannot invite the customers into the Jira. For that i have a solution to restrict the user invites.

1. Go to  - user management

2. Click on products 

3. In the Products - user access settings

4. Navigate to user invites

5. In that we have two columns like product and existing user permissions

6. suppose Jira software is the product then choose -- "don't allow invites" in existing user permissions. so that anyone cannot invite the users to the product. 

7. this option is not available in your setup then reach out to support and enabled by them and that option is free of cost.

 

Hope you got the exact solution.

Thank you

0 votes
Radka Svobodova March 17, 2023

It depends which kind of product licence you have, if you have  just basic jira SW, then the audit log you can find in jira in the settings menu systems (there depends on your settings you can either see the user who gave the access or just user = jira - 3 months back in the basic).

You also may have settings of the domain open without admin approval - atlassian admin -> products -> user access settings - any domain...

Screenshot 2023-03-17 at 22.04.47.png

0 votes
Danine O_Donnell March 17, 2023

On the upper right hand corner go to the settings then if you have elevated admin access you can see who added when and if the user's activity...Hope that helps! 

0 votes
Jean Gordon March 17, 2023

Atlassian in their wisdom introduced in their opinion a wonderful way for user set up. 

This has allowed users from anywhere to set up accounts unless you have updated your settings from the default they set.  

I have had several conversations about this with Atlassian as we do not allow as have a process and our security were not happy. 

They still introduced it as do not care. 

Please check here for the settings that should help you lockdown as much as you can https://community.atlassian.com/t5/Atlassian-Access-articles/User-management-for-cloud-admins-just-got-easier/ba-p/1576592

0 votes
Hari V March 17, 2023

Hello! Depending on your instance settings, you could search through the audit log to see if it happened somewhere in the last 3-6 months. You would be able to see the date when the user was given access and who provisioned the access to that user. 

0 votes
Michael Thompson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 17, 2023

Did you check the audit logs to see if someone added this user to the instance? Go to Administration, Security -> Audit logs.

Radka Svobodova March 17, 2023

if you have this extra paid feature...

TAGS
AUG Leaders

Atlassian Community Events