-
Suggestion
-
Resolution: Deployed
-
None
-
911
-
We are excited to announce that External User Security is now generally available (GA). The GA experience has just started rolling out so you can expect to see this feature in Atlassian Administration (admin.atlassian.com) within the next few weeks. Please see this Atlassian Community post and our support documentation to learn more about this feature.
As part of the GA release, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email. Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future. That work corresponds to a separate ticket: ACCESS-1362 Enforce SSO for users on unverified domains (external user security).
Update April 21, 2023
In December 2022, we began enabling customers in our Early Access Program (EAP) for the External User Security feature. As part of this feature, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email (see our EAP documentation for details). We’re actively working on expanding capacity for the EAP over the upcoming weeks so that we can onboard more customers who have expressed interest. Please follow our public roadmap for updates on the general availability for this feature.
Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future. That work corresponds to a separate ticket:
ACCESS-1362 Enforce SSO for users on unverified domains (external user security).
Update March 29, 2023
Hi everyone,
Thanks again for all of the feedback on this ticket so far. In December 2022, we began enabling customers in our Early Access Program (EAP) for the External User Security feature. We’re actively working on expanding capacity for the EAP over the upcoming weeks so that we can onboard more customers who have expressed interest. Unfortunately, even after this exercise EAP capacity will still be limited and we cannot guarantee a place for all customers who have expressed interest. We plan to make this feature generally available in Q3 2023.
As part of this feature, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email (see our EAP documentation for details). Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future (that work corresponds to this ticket: https://jira.atlassian.com/browse/ACCESS-1362). We will update our Cloud roadmap when we have more information on the timeline for this capability.
If you're interested in discussing your needs with regard to external user security in more detail, please email me at bnag@atlassian.com.
Cheers,
Bhavya Nag
Senior Product Manager, Atlassian Cloud
Update Jan 6, 2023:
Hi everyone,
Thanks for all of the feedback on this ticket so far, and thank you to everyone who has registered their interest in the early access program (EAP).
In December 2022, we began enabling customers in our EAP for this feature. Upon releasing the EAP, we noticed that some Atlassian Marketplace apps that were calling legacy endpoints were no longer working as expected. Because of this and the end-of-year holiday period, we paused on enrolling more customers into the EAP.
Our team has been busy working to address this issue together with Marketplace vendors, and we currently anticipate being ready to resume our EAP towards the end of January. If you have expressed your interest in the EAP by submitting a ticket, you can expect to hear from us soon with more information.
We appreciate your patience so far.
Cheers,
Bhavya Nag
Senior Product Manager, Atlassian Cloud
Update November 17, 2022:
Hi all,
I'm a Product Manager in the Cloud Security team at Atlassian. Thanks for all your comments!
We understand that MFA controls for external users are a need for many of our customers, and we remain committed to addressing it. The research mentioned above is for a separate initiative on external collaboration that we thought would be of interest to some customers following this ticket. Apologies for any confusion this may have caused!
I wanted to clarify that we are still actively working on security controls for external users (i.e. users that are not managed as part of your organization) as described on our public roadmap, targeting an early access program (EAP) launching in a few weeks. If you’re interested in the EAP, please register your interest here.
Thanks,
Bhavya Nag
Senior Product Manager, Atlassian Cloud
- duplicates
-
ID-6567 Allow site-admin of an instance to see if the users in the site has activated two-factor authentication
- Closed
- followed by
-
BCLOUD-19450 We would like to have the ability to set a different default session timeout
- Closed
- has a derivative of
-
ACCESS-1152 Enforce security polices for unmanaged accounts
- Closed
-
ACCESS-1362 Enforce SSO for users on unverified domains (external user security)
- Closed
- is blocked by
-
ACCESS-1192 SSO on the Atlassian cloud site level
- Closed
-
ACCESS-1290 Ability to enforce security features for all users of a cloud site
- Closed
- is detailed by
-
ACCESS-1051 SSO on the Atlassian cloud site level
- Gathering Interest
- is duplicated by
-
ACCESS-733 Ability to enforce security features to external users
- Closed
-
ACCESS-1011 Enforce SSO on external users
- Closed
-
ACCESS-1152 Enforce security polices for unmanaged accounts
- Closed
-
CLOUD-11017 We need to assure 2FA of all who require access to our projects - not just our employees within our owned domain..
- Closed
-
JRACLOUD-68371 Enforcing 2 factor authentication without claiming domain
- Closed
-
JRACLOUD-80801 Feature to enforce password policy to all the accounts under organization
- Closed
-
ACCESS-606 Turn on 2 factor by default for all user accounts
- Closed
-
ID-6440 Mandate two-step verification across a site
- Closed
- is related to
-
ID-6440 Mandate two-step verification across a site
- Closed
-
ACCESS-601 Allow site-admin of an instance to see who has activated two-factor authentication
- Closed
-
MOVE-57670
-
ENT-10
- relates to
-
ACCESS-1511 External User Security: Organization audit logging should include events generated by external users
- Gathering Interest
- resolves
-
ACE-3038