Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Prevent team member access requests Edited

Occasionally we get attackers sending team member access requests.

How do we disable the mechanism for requesting access? I want to ensure that no user accidentally approves a request from a look-alike phishing domain or similar. We only want to add employee access manually.

I know that each admin can turn off notifications individually, but we don't want another thing to audit. This also doesn't appear to help with eg., the Slack integration.

1 answer

1 vote
Brant Schroeder Community Leader May 12, 2021

@Brian McGroarty There is nothing in the documentation (https://support.atlassian.com/user-management/docs/approve-or-deny-product-access-requests/) or that I could find that allows you to turn off access requests.  I would suggest contacting support and see if it is something they could possibly do for you.  https://support.atlassian.com/contact/ I will also escalate it here.

Hello Brian!

This is a great question and if you're unsure where to look it can rather difficult to figure out how to manage this. Luckily, we have some documentation to cover that ask here. You're most likely going to want to review the following which will show you how to manage your domain and your access request notifications (there is a lot that might need to be done within this article, so please ensure you review all of the detailed steps)

Please let us know if the above documents help clarify how to manage your domain and thus your notification settings to prevent these unwanted requests.

Regards,
Stephen Sifers

We're already configured with our own domain as the only entry under "Approved domains" and "Access Requests" is configured as "New users can't request access."

Even with these settings, we get periodic requests similar to the below for StatusPage. I suspect StatusPage isn't honoring this setting, unlike the other Atlassian products:


Hey there,

We received a request from (redacted)@gmail.com to help manage your status page, and creating an account for them is just a click away.

Click here to add this person to your team.

If you do not know who this person is, please ignore this email.

Like Stephen Sifers likes this

Hello Brian,

I did some further investigating of your issue and did find your statuspage does have an inactive page which allows anyone to click a link to request access, see screenshot:

image.png

I'll go ahead and submit a support request on your behalf (We'll need confirmation to remove the inactive site/URL), I'll include your site's main contact as well for approval.

You should be getting an email from support shortly.

Regards,
Stephen Sifers

Like Brian McGroarty likes this

Hello @Brian McGroarty

Just a reminder there is an outstanding support request for you on this; https://getsupport.atlassian.com/browse/SPSP-20212.

Regards,
Stephen Sifers

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Statuspage

New feature: Slack notifications for Statuspage

We're excited to announce the release of a long-requested feature on Statuspage. Now visitors to your status page can subscribe to get notified in Slack when you report an incident or maintenance. Th...

1,542 views 2 15
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you