Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Easily test external user security: test policy now available

In June of 2023, we launched external user security which enables you to apply security controls to users who collaborate with your company but who you don’t manage in your Atlassian organization.

Learn about managed accounts

 

In response to your feedback, we added a test policy to external user security. It allows you to test the external user security settings before you roll out the policy to all your external users.

A test policy allows you to:

  • Create one test policy

  • Add up to 5 external users to the test policy

Learn how to setup a test policy

 

d3613bf8-81d1-4c03-a64b-5e62a10159d5.png Above is the new external user security screen with test policy and main policy

e85a4a3a-e757-49e4-b4fc-7129b310d2ab.png
Above is the test policy overview page where you can add/remove test external users

 

We are rolling out the test policy in late August and September of 2023 so you can expect to see the external user test policy in Atlassian Administration (admin.atlassian.com) then.

The next updates to external user security include:

  • editing the verification frequency 

  • resetting sessions 

  • enforcing single sign-on

 

You can track these and future updates on Atlassian’s Cloud roadmap.

 

0c081b1b-3d03-4558-a093-5e8417587249.png

You can find in-product feedback prompts at the bottom of the screen

If you previously used external user security, thank you for your feedback. We encourage you to submit feedback to the portal or to any of your Atlassian support contacts. And if you’re new to external user security, we hope you find it valuable to securely collaborate with your external teammates.

Learn more about external user security

11 comments

Comment

Log in or Sign up to comment
Tomislav Tobijas
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 3, 2023

Hi @David Olive 

Is this feature rolled out gradually or should it already be available at all sites? I'm checking this at one of our customer's sites and I cannot see this option to add a test policy.

Cheers,
Tom

David Olive
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 5, 2023

Hi @Tomislav Tobijas we are gradually rolling out this feature. Not all orgs have it yet but should soon in the next couple weeks!


Like Tomislav Tobijas likes this
Craig Castle-Mead
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 5, 2023

Hi @David Olive 

In terms of what products/instances would be covered by an external policy set against an organisation - is it:

  1. Any products that are  managed/owned by the Access org?
  2. Any products that are owned by a managed user within an org?

I am assuming that it’s the former, but until Atlassian provide a way for companies to prevent users (who we pay to manage) from setting up new Cloud environments that aren’t associated with the Access Org, that means we still cannot manage external access to company content.

And yes, there’s a hyped feature that lets an access org stop users signing up for Cloud products without first being approved by the Org admins, however, this can only be enabled for Orgs who have an Enterprise version of each product you want to gate (yet we have a huge DC instance which we cannot yet move to Cloud as it’s too large and complex).

So we are still in the position of:

 - not being able to stop our users from setting up additional Cloud instances

 - when the above does happen, not being able to enforce security policies on external users 

Both of these points are significant hindrances and mean we’re constantly diverting time and energy from proactively consolidating/simplifying our DC environment to get it to a state that means it’s more aligned with Cloud.

 

CCM

David Olive
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 6, 2023

Hi @Craig Castle-Mead 

Yes, External User Security policies only apply to products that are managed/owned by the Access org.

For the issue of managed users creating other instances without permission outside of the method you mentioned there is also the discovered products feature which lets you set up alerts when managed users create new instances outside your org so you can contact them.

We are always looking for ways to improve these features! You can reach out to me at dolive@atlassian.com if you would like to talk more about these features and your organizations pain-points.

María José Vázquez Poza
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 5, 2023

Good morning.

When I type the email of an external user in the test policy it always tells me "User not found", however said user exists in my directory and has been assigned a client role as well as a project to connect to.

What more characteristics should I add to said user so that the testing policy recognizes it as such? In my case we are using Atlassian Acess.

Thank you

David Olive
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 5, 2023

Hi @María José Vázquez Poza ,

Thanks for reaching out, would be happy to help you with this.

If possible could you send me some more info regarding the user, like what product they have access to and some screenshots.

You can reach me at dolive@atlassian.com

Happy to Help!

All the best,

-David

María José Vázquez Poza
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 11, 2023

Don't worry. I have assigned the role jira-user... and it has already let me include that user in the external user policy. Thank you.

Frédéric MICHELETTI December 11, 2023

Hi,

Does this feature allows to manage people from our Azure AD (when subscribing to Atlassian Access) with an email domain address not owned by our company ?

For example, a partner which has a account in our acme.com domain but with it company email address associated to it mypartner.com ?

Or this feature only works with external user account through their Atlassian ID ?

Thanks.

David Olive
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 11, 2023

Hi @Frédéric MICHELETTI 

You can only manage accounts from a claimed domain.

The external user security feature will allow you to enforce step-up verification when one of those external users (i.e from an unclaimed domain) tries to access your org, you will have the ability to enforce step-up verification then via this feature.

At the moment we have verification via email one time passcode but in the future will be allowing you to enforce SSO if you have those externals in your identity provider.

You can read more about external user security here.

Frédéric MICHELETTI December 11, 2023

Hi @David Olive

Thanks for the feedback.

I still have a grey area regarding this topic. What do you consider as External Users ?

  • Only users with an Atlassian ID ?
  • Or any users coming from our IDP with an email attribute of their own company (through Atlassian Access feature) ?

Bottom line, my question is: Does this feature works with accounts coming from our own IDP through Atlassian Access ?

Thanks.

David Olive
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 11, 2023

Hi @Frédéric MICHELETTI 

Here is some clarification on what is considered an external user.

If you are giving those users from your IDP with an email attribute of their own company product access to instances within your organization then yes, external user security will apply to them.

Hope that helps to clarify but if not feel free to reach out to me directly via email at dolive@atlassian.com! 

TAGS
AUG Leaders

Atlassian Community Events