Prevent team member access requests

Brian McGroarty May 12, 2021

Occasionally we get attackers sending team member access requests.

How do we disable the mechanism for requesting access? I want to ensure that no user accidentally approves a request from a look-alike phishing domain or similar. We only want to add employee access manually.

I know that each admin can turn off notifications individually, but we don't want another thing to audit. This also doesn't appear to help with, e.g., the Slack integration.

Brant Schroeder
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 12, 2021

@Brian McGroarty There is nothing in the documentation (https://support.atlassian.com/user-management/docs/approve-or-deny-product-access-requests/) or that I could find that allows you to turn off access requests. I would suggest contacting support and seeing if it is something they could possibly do for you. https://support.atlassian.com/contact/ I will also escalate it here.

Stephen Sifers
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 13, 2021

Hello Brian!

This is a great question, and if you're unsure where to look it can be rather difficult to figure out how to manage this. Luckily, we have some documentation to cover that ask here. You're most likely going to want to review the following, which will show you how to manage your domain and your access request notifications (there is a lot that might need to be done within this article, so please ensure you review all of the detailed steps).

Please let us know if the above documents help clarify how to manage your domain and thus your notification settings to prevent these unwanted requests.

Regards,
Stephen Sifers

Brian McGroarty May 24, 2021

We're already configured with our own domain as the only entry under "Approved domains" and "Access Requests" is configured as "New users can't request access."

Even with these settings, we get periodic requests similar to the below for StatusPage. I suspect StatusPage isn't honoring this setting, unlike the other Atlassian products:


Hey there,

We received a request from (redacted)@gmail.com to help manage your status page, and creating an account for them is just a click away.

Click here to add this person to your team.

If you do not know who this person is, please ignore this email.

Stephen Sifers
Atlassian Team
May 25, 2021

Hello Brian,

I did some further investigating of your issue and did find your statuspage does have an inactive page which allows anyone to click a link to request access, see screenshot:

image.png

I'll go ahead and submit a support request on your behalf (we'll need confirmation to remove the inactive site/URL). I'll include your site's main contact as well for approval.

You should be getting an email from support shortly.

Regards,
Stephen Sifers

Stephen Sifers
Atlassian Team
June 8, 2021

Hello @Brian McGroarty

Just a reminder that there is an outstanding support request for you on this: https://getsupport.atlassian.com/browse/SPSP-20212.

Regards,
Stephen Sifers
