
Enforce security policies for users not on verified domains


      Atlassian Update - July 6, 2023

      We are excited to announce that External User Security is now generally available (GA). The GA experience has just started rolling out so you can expect to see this feature in Atlassian Administration (admin.atlassian.com) within the next few weeks. Please see this Atlassian Community post and our support documentation to learn more about this feature.

      As part of the GA release, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email. Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future. That work corresponds to a separate ticket: ACCESS-1362 Enforce SSO for users on unverified domains (external user security).

      Update April 21, 2023

      In December 2022, we began enabling customers in our Early Access Program (EAP) for the External User Security feature. As part of this feature, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email (see our EAP documentation for details). We’re actively working on expanding capacity for the EAP over the upcoming weeks so that we can onboard more customers who have expressed interest. Please follow our public roadmap for updates on the general availability for this feature.

      Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future. That work corresponds to a separate ticket: ACCESS-1362 Enforce SSO for users on unverified domains (external user security).

       

      Update March 29, 2023

      Hi everyone,

      Thanks again for all of the feedback on this ticket so far. In December 2022, we began enabling customers in our Early Access Program (EAP) for the External User Security feature. We’re actively working on expanding capacity for the EAP over the upcoming weeks so that we can onboard more customers who have expressed interest. Unfortunately, even after this exercise EAP capacity will still be limited and we cannot guarantee a place for all customers who have expressed interest. We plan to make this feature generally available in Q3 2023.

      As part of this feature, the currently supported method of 2FA is a one-time password (OTP) sent to external users via email (see our EAP documentation for details). Based on customer feedback, we have also started working on SSO enforcement for external users as an additional method of 2FA in the future (that work corresponds to this ticket: https://jira.atlassian.com/browse/ACCESS-1362). We will update our Cloud roadmap when we have more information on the timeline for this capability.

      If you're interested in discussing your needs with regard to external user security in more detail, please email me at bnag@atlassian.com

      Cheers,

      Bhavya Nag
      Senior Product Manager, Atlassian Cloud

      Update Jan 6, 2023:

      Hi everyone,

      Thanks for all of the feedback on this ticket so far, and thank you to everyone who has registered their interest in the early access program (EAP).

      In December 2022, we began enabling customers in our EAP for this feature. Upon releasing the EAP, we noticed that some Atlassian Marketplace apps that were calling legacy endpoints were no longer working as expected. Because of this and the end-of-year holiday period, we paused on enrolling more customers into the EAP.

      Our team has been busy working to address this issue together with Marketplace vendors, and we currently anticipate being ready to resume our EAP towards the end of January. If you have expressed your interest in the EAP by submitting a ticket, you can expect to hear from us soon with more information.

      We appreciate your patience so far.

      Cheers,

      Bhavya Nag
      Senior Product Manager, Atlassian Cloud

      Update November 17, 2022:

      Hi all,

      I'm a Product Manager in the Cloud Security team at Atlassian. Thanks for all your comments!

      We understand that MFA controls for external users are a need for many of our customers, and we remain committed to addressing it. The research mentioned above is for a separate initiative on external collaboration that we thought would be of interest to some customers following this ticket. Apologies for any confusion this may have caused!

      I wanted to clarify that we are still actively working on security controls for external users (i.e. users that are not managed as part of your organization) as described on our public roadmap, targeting an early access program (EAP) launching in a few weeks. If you’re interested in the EAP, please register your interest here.

      Thanks,

      Bhavya Nag
      Senior Product Manager, Atlassian Cloud

       


            [ACCESS-102] Enforce security policies for users not on verified domains

            Y. Oezl added a comment -

            Unfortunately it does not work correctly. Although there are 750 guest accounts in my company, I can only see 250 of them in the system. Also I can't create Authentication policies for Guest accounts!!


            Bhavya Nag added a comment -

            c278e2dd0056 - We've now rolled out the GA experience to all customers. You should see it in Atlassian Administration now.

            7042ead1b4df - Are you referring to portal-only customer accounts on Jira Service Management? If so, then SSO for JSM customer accounts is part of a separate initiative - you can find more details here and here.


            Roberto Martignano added a comment -

            Hello!

            Does this mean that OTP would be applicable also to customers (not using any license)?

            Alex Iván Rodríguez added a comment -

            Hello Bhavya,

            I read in your article https://community.atlassian.com/t5/Atlassian-Access-articles/Collaborate-more-securely-with-External-User-Security-GA-release/ba-p/2411155 that "The GA experience has just started rolling out so you can expect to see this feature in Atlassian Administration (admin.atlassian.com) within the next few weeks."

            Would you have a more specific timeframe as to when the external user security feature will be available? We just checked and do not have it yet.

            Best regards

            Vany Sissakian added a comment -

            Dear Atlassian,

            We are planning to migrate Jira software from the on-Premise version to Atlassian Cloud and also integrate with Okta integration for internal and external users. We are not able to assign the security policy to the External user, and having this feature will help save time and money and extra work because the users are already in action.

            Vany

            Shyam added a comment -

            As this is already provisioned through EAP of Atlassian, trust we can expect the actual release just around the corner, as we have already spent 6 months of the year 2023 since the EAP release in Dec 22.

            Any update on the exact dates will be very helpful. 

            Thanks


            Karena Bailey added a comment -

            Hello,

            I just voted on this issue, as we need this at Genesco for proper security around our external Jira users. Thank you!

            Ulyana.Pereyma added a comment -

            Could you please inform me how to apply for the extended EAP?

            Bhavya Nag added a comment - - edited

            14a97a75c29d - Yes, that's correct. I'd mentioned the other ticket in an earlier comment on March 29th, and I've now also updated the description of this ticket with that information to make it more easily accessible.

            Bhavya Nag
            Senior Product Manager, Atlassian Cloud


            Ivan Shtanichev added a comment -

            Hi all,

            Just a quick note for those of you watching: in case you, like me, are watching this one because you are interested in enforcing SSO for users on unverified domains (external user security), please vote for and watch the feature suggestion linked below.

            ACCESS-1362 Enforce SSO for users on unverified domains (external user security)

            I thought until now that SSO for users under unverified domains would be part of this suggestion, but I've recently learned it's covered under the above, so just FYI in case you were also unaware.

              a09734a47f1d Bhavya Nag
              romain.yvart Romain Yvart
              Votes: 845
              Watchers: 676
