Uploaded image for project: 'Atlassian Access'
  1. Atlassian Access
  2. ACCESS-102

Enforce security policies for users not on verified domains



    • 623
    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.


      Update on external user security

      We are actively working on providing customers with a solution to enforce 2FA on non-managed users. This is something that is committed to on our public roadmap.

      We are a bit surprised that two-step verification is only allowed for managed domains.

      As many company we are working with subcontractors that have their own domain that we can't manage.

      As we need secure connexion on our instance for every user, it would be a great security improvement to be able to enforce two-step verification for every user.

      In the meantime, it's makes us unable to be compliant with our security commitments.

      Thanks for the attention you'll pay for this issue.


      Update March 3, 2022: For those interested in enforcing SAML SSO at the site level, please see Kat's comment here

      Hi everyone, 
      Thanks for watching and engaging on this ticket. As a part of the work described here, we are in the process of bringing userbases out of the site layer and into the organization level. Because of this work, we will not be making any changes at the site level and are closing out this request. Solutions like selective user claim (planned for the next year) are designed to give you more granular control over which users are SSO-enabled. 


        Issue Links



              ayang@atlassian.com Aneita
              romain.yvart Romain Yvart
              605 Vote for this issue
              513 Start watching this issue