Uploaded image for project: 'Atlassian Guard'
  1. Atlassian Guard
  2. ACCESS-1027

Allow org admins to transfer ownership of products owned by managed accounts

XMLWordPrintable

    • 112

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Organization administrators are getting blocked from deleting certain managed accounts because these accounts have licenses tied to them, currently, this is demanding quite some effort from the administrator as they need to:

      1. Re-gain access to the Atlassian account so they can transfer the subscriptions
        • Sometimes they do not have an SSO to set that up easily
        • The mail box in most cases will no longer exist to recover the account
      2. As a last resort, they need to change the email to become an alias of their own accounts
      3. Transfer the actual subscriptions or simply deactivate them - Which depending on the product, may take up to 15 days as a Cloud site (Jira or Confluence) has to be destroyed before unblocking the account for deletion.
      4. Existing contacts have to manually log in to "my.atlassian.com" to remove users to be deleted.

      Same problem can be encountered when discovering products that are owned by managed accounts owned by users who left the company.

      Suggestion

      • Allow org admins to remove managed accounts as contacts of the products via the org administration page.
      • Allow org admins to transfer the ownership of the products owned by managed accounts.

            [ACCESS-1027] Allow org admins to transfer ownership of products owned by managed accounts

            Igor Sholomov added a comment -

            Hi Atlassian!

            Big thanks to Atlassian Access Support representative Roman P. for pointing me to this feature request.

            I'd like to share my vision of a problem I've already shared with Roman in support request (for Atlassian representatives ref.: PCS-119890)

            In our case, our Information Security department raised a ticket to us (internal admins) to get rid of unapproved Jira Cloud instance, where, under our domain, might be processed any data we are not aware about and our domain name might be used for scam.

            Moreover, Atlassian understand this situation and going to “prevent accounts managed by your Atlassian organization from creating their own cloud product instances“ (ref.: https://jira.atlassian.com/browse/CLOUD-11072). But while this functionality is in development, Atlassian is unable to remove such instances per admin request and/or grant ORG admins access to these instances.

            Indeed, as an admins, we can gain access to owner's mailbox and act on-behalf of this user (raise a termination request for specific product instance, log in to this product, etc...) but this means that Atlassian relies on their client's systems to get rid of unapproved product instances instead of providing management access to Atlassian products via Atlassian systems. It is odd. In my opinion, management of cloud product instances is a very basic feature which must be provided by Atlassian, clients shouldn't seek for a workaround with use of their own systems.

            And the last thing I'd like to mention is that Atlassian already have a requested functionality implemented for Trello. It means that technically, for Atlassian products, it is absolutely possible, but in some reason this feature is not implemented yet for the rest of Atlassian cloud products.

            Looking forward to see this implemented.

             

            Best regards,

            Sholomov Igor

            Igor Sholomov added a comment - Hi Atlassian! Big thanks to Atlassian Access Support representative Roman P. for pointing me to this feature request. I'd like to share my vision of a problem I've already shared with Roman in support request (for Atlassian representatives ref.: PCS-119890) In our case, our Information Security department raised a ticket to us (internal admins) to get rid of unapproved Jira Cloud instance, where, under our domain, might be processed any data we are not aware about and our domain name might be used for scam. Moreover, Atlassian understand this situation and going to “prevent accounts managed by your Atlassian organization from creating their own cloud product instances“ (ref.: https://jira.atlassian.com/browse/CLOUD-11072 ). But while this functionality is in development, Atlassian is unable to remove such instances per admin request and/or grant ORG admins access to these instances. Indeed, as an admins, we can gain access to owner's mailbox and act on-behalf of this user (raise a termination request for specific product instance, log in to this product, etc...) but this means that Atlassian relies on their client's systems to get rid of unapproved product instances instead of providing management access to Atlassian products via Atlassian systems. It is odd. In my opinion, management of cloud product instances is a very basic feature which must be provided by Atlassian, clients shouldn't seek for a workaround with use of their own systems. And the last thing I'd like to mention is that Atlassian already have a requested functionality implemented for Trello. It means that technically, for Atlassian products, it is absolutely possible, but in some reason this feature is not implemented yet for the rest of Atlassian cloud products. Looking forward to see this implemented.   Best regards, Sholomov Igor

            Admin Stewart added a comment -

            This is a huge issue.  This is especially of concern when someone leaves any organization under less than favorable conditions.  They need to be removed from all of their credentials while they are speaking with HR.

            Admin Stewart added a comment - This is a huge issue.  This is especially of concern when someone leaves any organization under less than favorable conditions.  They need to be removed from all of their credentials while they are speaking with HR.

            Joy MontgomeryIT added a comment -

            Soooo... when we claim our domain, anyone using our domain email address for an account gets pulled in to our account. But when they leave, if they have made themselves the billing/technical account ( even on a free account) we can't remove that person's account unless we get access to their email account, change the email address.... that seems like a big miss. 

            Joy MontgomeryIT added a comment - Soooo... when we claim our domain, anyone using our domain email address for an account gets pulled in to our account. But when they leave, if they have made themselves the billing/technical account ( even on a free account) we can't remove that person's account unless we get access to their email account, change the email address.... that seems like a big miss. 

            Kristian B added a comment -

            This one is particular has become quite a security issue for us, as we now have accounts, that if anyone ever gains access to them, they would have access to parts of our business we do not have any insight into or any control over. Plus of course that we can't remove the users, which would also give some visibility into the information that we do have access to/control.

            Kristian B added a comment - This one is particular has become quite a security issue for us, as we now have accounts, that if anyone ever gains access to them, they would have access to parts of our business we do not have any insight into or any control over. Plus of course that we can't remove the users, which would also give some visibility into the information that we do have access to/control.

              gjones@atlassian.com Griffin Jones
              07b65cdcf5f4 npv (Inactive)
              Votes:
              111 Vote for this issue
              Watchers:
              87 Start watching this issue

                Created:
                Updated: