Worst Jira Admin Contest: External User Access

Mistake 18

How are your global groups and external user accounts structured? You need a specific way to handle external consultants, vendors, auditors, and even interns or temporary employees.

Consider the following use cases:

  • 2 external users from “Alpha” company need access to the X Jira project
  • 3 external users from “Bravo” company need access to the Y Jira project
  • 4 temporary contractors from “Charlie” company need access to the Z Jira project

The above use cases are real examples from a company unprepared for the possibility of external users. The users were set up the same as regular employees. As such, a user with access to one Jira project had access to all the others. Even worse, any new Jira user was also made a Confluence user! This meant that any temporary user or contractor had access to all internal company information, proprietary documentation, and plans for the future in both applications! Yikes!

Remedies

Dedicated Groups

Instead, I recommend creating dedicated groups to manage external users. First, groups help organize users so it’s easy to recognize which users are external. Second, they give the admin the flexibility to quickly revoke access to an entire external organization or all external organizations.

Figure (chart.png): Dedicated external user groups

Company-provided Email Addresses

Next, all external users should have a company-provided email address. This does not have to be the same domain internal employees use, but it should be a domain managed by the organization.

External email addresses allow sensitive and proprietary information to leave your organization and be retrieved insecurely from external servers. Remember that email notification is widely used in Jira. An email is triggered for any @mention or share action. Notifications are sent at many different points and contain proprietary data. Do you really want company Jira data sent to gmail.com email addresses? Of course not!

Figure (contractor.png)

In the example, I’ve appended “contractor” to the user’s display name, given them an internal domain address, and added them to a dedicated external user group.
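
One way to audit an existing user list against these remedies, as an added example that is not part of the original article. The CSV export format, the `ext-` group prefix, the internal group names and the managed domains are all assumptions, and the sample data is constructed.

```python
import csv
import io

# Assumptions for illustration (not from the article): adjust to your site.
MANAGED_DOMAINS = {"example.com", "partners.example.com"}  # domains the org controls
EXTERNAL_PREFIX = "ext-"                                   # dedicated groups, e.g. ext-alpha
INTERNAL_GROUPS = {"jira-users", "confluence-users"}       # all-employee access groups

# Constructed sample export: display name, email, semicolon-separated groups.
SAMPLE_EXPORT = """display_name,email,groups
Ann Lee,ann.lee@example.com,jira-users;confluence-users
Bo Diaz (contractor),bo.diaz@partners.example.com,ext-alpha
Cy Park (contractor),cy.park@gmail.com,ext-bravo
Di Roy,di.roy@partners.example.com,ext-charlie;jira-users;confluence-users
Ed Fox (contractor),ed.fox@example.com,jira-users
"""

def audit_users(export_text):
    """Return {email: [finding, ...]} for external accounts that break the remedies."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        groups = {g.strip().lower() for g in row["groups"].split(";") if g.strip()}
        email = row["email"].strip().lower()
        domain = email.rpartition("@")[2]
        ext_groups = {g for g in groups if g.startswith(EXTERNAL_PREFIX)}
        labelled = "contractor" in row["display_name"].lower()
        if not (ext_groups or labelled):
            continue  # regular employee, out of scope for this audit
        issues = []
        if domain not in MANAGED_DOMAINS:
            issues.append("unmanaged-email-domain")     # notifications leave the org
        if groups & INTERNAL_GROUPS:
            issues.append("in-internal-group")          # inherits employee-wide access
        if not ext_groups:
            issues.append("no-external-group")          # cannot be revoked per organization
        if not labelled:
            issues.append("display-name-not-labelled")  # not recognizable as external
        if issues:
            findings[email] = issues
    return findings

if __name__ == "__main__":
    for email, issues in audit_users(SAMPLE_EXPORT).items():
        print(f"{email}: {', '.join(issues)}")
```
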



2 comments

Dave Rosenlund _Trundl_
Community Champion
June 28, 2024

Thanks for pointing out this very common Mistake, @Rachel Wright 👍  As always, great advice.

What are your thoughts on adding hygiene, such as an offboarding process and/or regular user clean-ups, to the list of remedies?

I frequently see Atlassian sites with many 'leftovers' (users who no longer need access). This not only leads to unnecessary license usage but also creates vulnerability risks.

Rachel Wright
Community Champion
June 28, 2024

Hi @Dave Rosenlund _Trundl_, your hygiene topic sounds like a great idea for an article! I'll add it to my "to do" list!

Until then, one of the things I do is detailed in the next mistake in this series. See: Worst Jira Admin Contest: External Email Address

