Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products.

Cloud security is a moving target. As you adopt more products, employees constantly join and leave, and your security checklist keeps getting longer, you need the right tools and processes in place to be successful.

We've put together a guide with our best recommendations for keeping your company’s data safe and secure in Atlassian Cloud:

  1. Create an organization and verify domain to manage all user accounts - See and manage all Atlassian Cloud accounts in use at your company, across all products and sites.

  2. Set up SSO with your identity provider - Connect your identity provider to Atlassian for seamless, secure access to your tools.

  3. Enable automatic provisioning - Provision, sync, and deprovision Atlassian accounts while keeping your external identity provider as the source of truth.

  4. Enforce org-wide security protocols - Ensure all Atlassian users have strong passwords and two-step verification.

  5. Routinely audit accounts - Monitor your activity logs for suspicious activity and limit admin access.

Check out the full guide: Cloud security best practices

PS: We would love to hear about some of the requirements you have for improving security and user management in our products!

1 comment

Robert Kubacki
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
December 11, 2019

It's true that Atlassian Access feature is dedicated to manage user from verified domain, it means all user become as managed users and that is cool.

But the question is how to approach to manage external users?

Even if we don't allow anyone to join your site, users can still request product access for themselves or others and those requests will appear on the Access requests page. Ok then..

In results all the external users are non-managed account and we aren't able to enforce any security policies for these accounts ie. enforce 2FA, password policies, expiration account date etc.

What is the best practices for the external user management to collaboration on the one site/instance?

Like John Saccoccio likes this


Log in or Sign up to comment
AUG Leaders

Atlassian Community Events