Hello. I hope someone can help. An external customer somehow was given access to our Jira instance. He was in there twice and I revoked him. How did this happen? How can I see how he got access in the first place?
To investigate how an external customer gained access to your Jira instance, follow these steps:
Check user invitation history in User Management.
Review project and group permissions.
Examine application access settings.
Look at the audit log under System > Audit Log.
To prevent unauthorized access in the future:
Regularly update user access permissions and group memberships.
Enable two-factor authentication (2FA).
Restrict access to specific IP addresses, if possible.
Hi Clare,
Reason:
1. users can invite the external users through project level like when you are assign the issue, in that place you will get invite user option based on that user can invite the external user.
2. invite the user into the project level using people invite in the left bar.
3. Invite teammate or sharing the issue.
Solution:
As per my understanding, you want to restrict the users cannot invite the customers into the Jira. For that i have a solution to restrict the user invites.
1. Go to - user management
2. Click on products
3. In the Products - user access settings
4. Navigate to user invites
5. In that we have two columns like product and existing user permissions
6. suppose Jira software is the product then choose -- "don't allow invites" in existing user permissions. so that anyone cannot invite the users to the product.
7. this option is not available in your setup then reach out to support and enabled by them and that option is free of cost.
Hope you got the exact solution.
Thank you
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It depends which kind of product licence you have, if you have just basic jira SW, then the audit log you can find in jira in the settings menu systems (there depends on your settings you can either see the user who gave the access or just user = jira - 3 months back in the basic).
You also may have settings of the domain open without admin approval - atlassian admin -> products -> user access settings - any domain...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
On the upper right hand corner go to the settings then if you have elevated admin access you can see who added when and if the user's activity...Hope that helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Atlassian in their wisdom introduced in their opinion a wonderful way for user set up.
This has allowed users from anywhere to set up accounts unless you have updated your settings from the default they set.
I have had several conversations about this with Atlassian as we do not allow as have a process and our security were not happy.
They still introduced it as do not care.
Please check here for the settings that should help you lockdown as much as you can https://community.atlassian.com/t5/Atlassian-Access-articles/User-management-for-cloud-admins-just-got-easier/ba-p/1576592
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello! Depending on your instance settings, you could search through the audit log to see if it happened somewhere in the last 3-6 months. You would be able to see the date when the user was given access and who provisioned the access to that user.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Did you check the audit logs to see if someone added this user to the instance? Go to Administration, Security -> Audit logs.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Recommended Learning For You
Level up your skills with Atlassian learning
Learning Path
Jira Administrator
Configure Jira Software, Jira Core, or Jira Service Management, including global settings, permissions, and schemes.
Managing Jira Projects Cloud
Learn to create and configure company-managed projects in Jira Software and partner effectively with Jira Admins.
Learning Path
Become an effective Jira Software Project Admin
This learning path is designed for team leaders who configure Jira Software projects to match a team's processes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.