Details
-
Suggestion
-
Resolution: Deployed
-
None
-
911
-
Description
We are excited to announce that External User Security is now generally available (GA). The GA experience has just started rolling out so you can expect to see this feature in Atlassian Administration (admin.atlassian.com) within the next few weeks. Please see this Atlassian Community post and our support documentation to learn more about this feature.
As part of the GA release, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email. Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future. That work corresponds to a separate ticket: ACCESS-1362 Enforce SSO for users on unverified domains (external user security).
Update April 21, 2023
In December 2022, we began enabling customers in our Early Access Program (EAP) for the External User Security feature. As part of this feature, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email (see our EAP documentation for details). We’re actively working on expanding capacity for the EAP over the upcoming weeks so that we can onboard more customers who have expressed interest. Please follow our public roadmap for updates on the general availability for this feature.
Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future. That work corresponds to a separate ticket:
ACCESS-1362 Enforce SSO for users on unverified domains (external user security).
Update March 29, 2023
Hi everyone,
Thanks again for all of the feedback on this ticket so far. In December 2022, we began enabling customers in our Early Access Program (EAP) for the External User Security feature. We’re actively working on expanding capacity for the EAP over the upcoming weeks so that we can onboard more customers who have expressed interest. Unfortunately, even after this exercise EAP capacity will still be limited and we cannot guarantee a place for all customers who have expressed interest. We plan to make this feature generally available in Q3 2023.
As part of this feature, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email (see our EAP documentation for details). Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future (that work corresponds to this ticket: https://jira.atlassian.com/browse/ACCESS-1362). We will update our Cloud roadmap when we have more information on the timeline for this capability.
If you're interested in discussing your needs with regard to external user security in more detail, please email me at bnag@atlassian.com
Cheers,
Bhavya Nag
Senior Product Manager, Atlassian Cloud
Update Jan 6, 2023:
Hi everyone,
Thanks for all of the feedback on this ticket so far, and thank you to everyone who has registered their interest in the early access program (EAP).
In December 2022, we began enabling customers in our EAP for this feature. Upon releasing the EAP, we noticed that some Atlassian Marketplace apps that were calling legacy endpoints were no longer working as expected. Because of this and the end-of-year holiday period, we paused on enrolling more customers into the EAP.
Our team has been busy working to address this issue together with Marketplace vendors, and we currently anticipate to be ready to resume our EAP towards the end of January. If you have expressed your interest in the EAP by submitting a ticket, you can expect to hear from us soon with more information.
We appreciate your patience so far.
Cheers,
Bhavya Nag
Senior Product Manager, Atlassian Cloud
Update November 17, 2022:
Hi all,
I'm a Product Manager in the Cloud Security team at Atlassian. Thanks for all your comments!
We understand that MFA controls for external users is a need for many of our customers, and we remain committed to addressing it. The research mentioned above is for a separate initiative on external collaboration that we thought would be of interest to some customers following this ticket. Apologies for any confusion this may have caused!
I wanted to clarify that we are still actively working on security controls for external users (i.e. users that are not managed as part of your organization) as described on our public roadmap, targeting an early access program (EAP) launching in a few weeks. If you’re interested in the EAP, please register your interest here.
Thanks,
Bhavya Nag
Senior Product Manager, Atlassian Cloud
Attachments
Issue Links
- duplicates
-
- Closed
- followed by
-
- Closed
- has a derivative of
-
- In Progress
-
- Closed
- is blocked by
-
- Closed
-
- Closed
- is detailed by
-
- Closed
- is duplicated by
-
- Closed
-
- Closed
-
- Closed
-
- Closed
-
- Closed
-
- Closed
-
- Closed
-
- Closed
- is related to
-
- Closed
-
- Closed
-
MOVE-57670 Loading...
-
- relates to
-
- Gathering Interest
- mentioned in
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- resolves
-