You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Hello. I hope someone can help. An external customer somehow was given access to our Jira instance. He was in there twice and I revoked him. How did this happen? How can I see how he got access in the first place?
To investigate how an external customer gained access to your Jira instance, follow these steps:
Check user invitation history in User Management.
Review project and group permissions.
Examine application access settings.
Look at the audit log under System > Audit Log.
To prevent unauthorized access in the future:
Regularly update user access permissions and group memberships.
Enable two-factor authentication (2FA).
Restrict access to specific IP addresses, if possible.
1. users can invite the external users through project level like when you are assign the issue, in that place you will get invite user option based on that user can invite the external user.
2. invite the user into the project level using people invite in the left bar.
3. Invite teammate or sharing the issue.
As per my understanding, you want to restrict the users cannot invite the customers into the Jira. For that i have a solution to restrict the user invites.
1. Go to - user management
2. Click on products
3. In the Products - user access settings
4. Navigate to user invites
5. In that we have two columns like product and existing user permissions
6. suppose Jira software is the product then choose -- "don't allow invites" in existing user permissions. so that anyone cannot invite the users to the product.
7. this option is not available in your setup then reach out to support and enabled by them and that option is free of cost.
Hope you got the exact solution.
It depends which kind of product licence you have, if you have just basic jira SW, then the audit log you can find in jira in the settings menu systems (there depends on your settings you can either see the user who gave the access or just user = jira - 3 months back in the basic).
You also may have settings of the domain open without admin approval - atlassian admin -> products -> user access settings - any domain...
Atlassian in their wisdom introduced in their opinion a wonderful way for user set up.
This has allowed users from anywhere to set up accounts unless you have updated your settings from the default they set.
I have had several conversations about this with Atlassian as we do not allow as have a process and our security were not happy.
They still introduced it as do not care.
Please check here for the settings that should help you lockdown as much as you can https://community.atlassian.com/t5/Atlassian-Access-articles/User-management-for-cloud-admins-just-got-easier/ba-p/1576592
Did you check the audit logs to see if someone added this user to the instance? Go to Administration, Security -> Audit logs.
Recommended Learning For You
Level up your skills with Atlassian learning
Configure Jira Software, Jira Core, or Jira Service Management, including global settings, permissions, and schemes.
Managing Jira Projects Cloud
Learn to create and configure company-managed projects in Jira Software and partner effectively with Jira Admins.
Managing Permissions in Jira Cloud
Sharpen your skills at configuring and troubleshooting permissions in Jira Cloud with this free course.