Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,554,975
Community Members
 
Community Events
184
Community Groups

Prevent team member access requests

Edited
Brian McGroarty
Brian McGroarty May 12, 2021

Occasionally we get attackers sending team member access requests.

How do we disable the mechanism for requesting access? I want to ensure that no user accidentally approves a request from a look-alike phishing domain or similar. We only want to add employee access manually.

I know that each admin can turn off notifications individually, but we don't want another thing to audit. This also doesn't appear to help with eg., the Slack integration.

Answer
Watch
Like Be the first to like this
213 views

1 answer

1 vote
Brant Schroeder
Brant Schroeder
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
May 12, 2021

@Brian McGroarty There is nothing in the documentation (https://support.atlassian.com/user-management/docs/approve-or-deny-product-access-requests/) or that I could find that allows you to turn off access requests.  I would suggest contacting support and see if it is something they could possibly do for you.  https://support.atlassian.com/contact/ I will also escalate it here.

View More Comments
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 13, 2021

Hello Brian!

This is a great question and if you're unsure where to look it can rather difficult to figure out how to manage this. Luckily, we have some documentation to cover that ask here. You're most likely going to want to review the following which will show you how to manage your domain and your access request notifications (there is a lot that might need to be done within this article, so please ensure you review all of the detailed steps)

Please let us know if the above documents help clarify how to manage your domain and thus your notification settings to prevent these unwanted requests.

Regards,
Stephen Sifers

Like
Brian McGroarty
Brian McGroarty May 24, 2021

We're already configured with our own domain as the only entry under "Approved domains" and "Access Requests" is configured as "New users can't request access."

Even with these settings, we get periodic requests similar to the below for StatusPage. I suspect StatusPage isn't honoring this setting, unlike the other Atlassian products:


Hey there,

We received a request from (redacted)@gmail.com to help manage your status page, and creating an account for them is just a click away.

Click here to add this person to your team.

If you do not know who this person is, please ignore this email.

Like Stephen Sifers likes this
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 25, 2021

Hello Brian,

I did some further investigating of your issue and did find your statuspage does have an inactive page which allows anyone to click a link to request access, see screenshot:

image.png

I'll go ahead and submit a support request on your behalf (We'll need confirmation to remove the inactive site/URL), I'll include your site's main contact as well for approval.

You should be getting an email from support shortly.

Regards,
Stephen Sifers

Like Brian McGroarty likes this
Stephen Sifers
Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Jun 08, 2021

Hello @Brian McGroarty

Just a reminder there is an outstanding support request for you on this; https://getsupport.atlassian.com/browse/SPSP-20212.

Regards,
Stephen Sifers

Like
Reply

Suggest an answer

Log in or Sign up to answer
Statuspage
Statuspage
TAGS
AUG Leaders

Atlassian Community Events

See all events