Worst Jira Admin Contest: External User Access

Mistake 18

How are your global groups and external user accounts structured? You need a specific way to handle external consultants, vendors, auditors, and even interns or temporary employees.

Consider the following use cases:

  • 2 external users from “Alpha” company need access to the X Jira project
  • 3 external users from “Bravo” company need access to the Y Jira project
  • 4 temporary contractors from “Charlie” company need access to the Z Jira project

The above use cases are real examples from a company unprepared for the possibility of external users. The users were set up the same way as regular employees. As such, a user with access to one Jira project had access to all the others. Even worse, any new Jira user was also made a Confluence user! This meant that any temporary user or contractor had access to all internal company information, proprietary documentation, and plans for the future in both applications! Yikes!

Remedies

Dedicated Groups

Instead, I recommend creating dedicated groups to manage external users. First, groups help organize users so it’s easy to recognize which users are external. Second, it gives the admin the flexibility to quickly revoke access to an entire external organization or all external organizations.

[Figure: Dedicated external user groups]

Company-provided Email Addresses

Next, all external users should have a company-provided email address. This does not have to be the same domain internal employees use, but it should be a domain managed by the organization.

External email addresses allow sensitive and proprietary information to leave your organization and be retrieved insecurely from external servers. Remember that email notification is widely used in Jira. An email is triggered for any @mention or share action. Notifications are sent at many different points and contain proprietary data. Do you really want company Jira data sent to gmail.com email addresses? Of course not!

[Image: example external user account]

In the example, I’ve appended “contractor” to the user’s display name, given them an internal domain address, and added them to a dedicated external user group.
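As an added example (not code from the article), here is a small audit that checks a user export against the three remedies above: a managed email domain, membership in a dedicated external group, and no Confluence access for external users. The managed domains, group names, the "contractor" display-name marker and the record field names are assumptions, and the sample users are constructed.

```python
from dataclasses import dataclass

# Constructed configuration (assumption, not from the article): domains the
# organization manages, the dedicated external groups, and the Confluence
# access group that external users should never hold.
MANAGED_DOMAINS = {"example.com", "ext.example.com"}
EXTERNAL_GROUPS = {"external-alpha", "external-bravo", "external-charlie"}
CONFLUENCE_GROUP = "confluence-users"
EXTERNAL_MARKER = "contractor"  # suffix the article appends to display names


@dataclass(frozen=True)
class Finding:
    user: str
    issue: str


def email_domain(email: str) -> str:
    """Return the lower-cased domain part of an address, or '' if malformed."""
    return email.rsplit("@", 1)[1].lower() if "@" in email else ""


def audit_users(users, managed_domains=MANAGED_DOMAINS,
                external_groups=EXTERNAL_GROUPS) -> list:
    """Check each record against the rules. A user counts as external if any
    signal says so: dedicated group, name marker, or an unmanaged domain."""
    findings = []
    for u in users:
        name, groups = u["displayName"], set(u["groups"])
        domain = email_domain(u["emailAddress"])
        in_external_group = bool(groups & external_groups)
        unmanaged = domain not in managed_domains
        is_external = in_external_group or EXTERNAL_MARKER in name.lower() or unmanaged
        if unmanaged:
            findings.append(Finding(name, f"unmanaged email domain: {domain or '(none)'}"))
        if is_external and not in_external_group:
            findings.append(Finding(name, "external user not in a dedicated external group"))
        if is_external and CONFLUENCE_GROUP in groups:
            findings.append(Finding(name, "external user has Confluence access"))
    return findings


# Constructed sample export; field names are an assumption about how an admin
# would assemble the user directory and group memberships.
SAMPLE_USERS = [
    {"displayName": "Ann Internal", "emailAddress": "ann@example.com",
     "groups": ["jira-users", "confluence-users"]},
    {"displayName": "Bob (contractor)", "emailAddress": "bob@ext.example.com",
     "groups": ["jira-users", "external-alpha"]},
    {"displayName": "Carol Vendor", "emailAddress": "carol@gmail.com",
     "groups": ["jira-users", "confluence-users"]},
    {"displayName": "Dan contractor", "emailAddress": "dan@ext.example.com",
     "groups": ["jira-users", "confluence-users"]},
]

if __name__ == "__main__":
    for f in audit_users(SAMPLE_USERS):
        print(f"{f.user}: {f.issue}")
```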



2 comments

Dave Rosenlund _Trundl_
Community Leader
June 28, 2024

Thanks for pointing out this very common Mistake, @Rachel Wright 👍  As always, great advice.

What are your thoughts on adding hygiene, such as an offboarding process and/or regular user clean-ups, to the list of remedies?

I frequently see Atlassian sites with many 'leftovers' (users who no longer need access). This not only leads to unnecessary license usage but also creates vulnerability risks.

Rachel Wright
Community Leader
June 28, 2024

Hi @Dave Rosenlund _Trundl_, your hygiene topic sounds like a great idea for an article! I'll add it to my "to do" list!

Until then, one of the things I do is detailed in the next mistake in this series. See: Worst Jira Admin Contest: External Email Address
