You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We want to restrict our users from logging in to their personal/consumer Atlassian account while in our company network. We are looking into migrating to Atlassian cloud and this is a show stopper for us if we cannot restrict it.
We will need to allow uploads to Atlassian cloud and if we open this up, there is a risk it will be a data exfiltration route if users have their own Atlassian account.
Any advise/tip is appreciated.
Welcome to the community. Unfortunately user's Atlassian accounts are managed by Atlassian and the user themselves.
The only way that you can control the user accounts are implementing Atlassian Access setup (separate paid service), where you can control and implement your company's IDP setup. Once you setup Atlassian Access, then you will be able to control user accounts with the ability to specify your company's own user accounts (using your company's identity provider setup) against your cloud env.
Here are the reference links on Atlassian Access -
Hope this helps.
Best, Joseph Chung Yin
Jira/JSM Functional Lead, Global Technology Applications Team
Thank you Joseph for your response. I think Atlassian Access Setup will only control logins when the users are using our company email address. It will have no visibility to logins using consumer email addresses (e.g. gmail.com or yahoo.com).
Ideally, what i am looking for is like what Gsuite has. They have a header we can add using our proxy or firewalls "X-GoogApps-Allowed-Domains" and this allows us to lockdown the logins to our company email address domain. Do you know if this is in Atlassians road map? We cannot open uploads to atlassian at the moment if we cannot lock down access to our tenancy only.
Via Atlassian Access, you can use your own IDP and implement SSO against your IDP to access your Atlassian site. Thus, if the account is not part of your own IDP, then he/she will not be able to access your site.
Hope this helps.