It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products.

Cloud security is a moving target. As you adopt more products, employees constantly join and leave, and your security checklist keeps getting longer, you need the right tools and processes in place to be successful.

We've put together a guide with our best recommendations for keeping your company’s data safe and secure in Atlassian Cloud:

  1. Create an organization and verify domain to manage all user accounts - See and manage all Atlassian Cloud accounts in use at your company, across all products and sites.

  2. Set up SSO with your identity provider - Connect your identity provider to Atlassian for seamless, secure access to your tools.

  3. Enable automatic provisioning - Provision, sync, and deprovision Atlassian accounts while keeping your external identity provider as the source of truth.

  4. Enforce org-wide security protocols - Ensure all Atlassian users have strong passwords and two-step verification.

  5. Routinely audit accounts - Monitor your activity logs for suspicious activity and limit admin access.

Check out the full guide: Cloud security best practices

PS: We would love to hear about some of the requirements you have for improving security and user management in our products!

1 comment

It's true that Atlassian Access feature is dedicated to manage user from verified domain, it means all user become as managed users and that is cool.

But the question is how to approach to manage external users?

Even if we don't allow anyone to join your site, users can still request product access for themselves or others and those requests will appear on the Access requests page. Ok then..

In results all the external users are non-managed account and we aren't able to enforce any security policies for these accounts ie. enforce 2FA, password policies, expiration account date etc.

What is the best practices for the external user management to collaboration on the one site/instance?

Comment

Log in or Sign up to comment
Community showcase
Posted in Jira

How InVision centralized their tools and scaled their remote team with Atlassian and Slack

Hi Atlassian Community, We recently published a case study that we thought you might be interested in. Learn about how InVision built their fully remote company’s culture using Atlassian and Slack ...

395 views 1 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you