
Allow Administrators to control managed users' associated sites and products


      Atlassian Update - 6 October 2023

      Thank you for your active participation and feedback following our announcement of product requests. We want to address some of the feedback we’ve heard and share our strategy for addressing shadow IT risks now and going forward.
      The Cloud Enterprise (CE) plan solves the challenges of customers operating our products at a large scale by addressing their complexity, governance, advanced security, and compliance needs. The Atlassian Access product solves for more foundational security requirements and provides identity and access management support. We have implemented solutions for shadow IT risks based on customer differentiation in both CE and Atlassian Access.

      The product requests feature will help our CE customers in large, complex environments more closely monitor shadow IT risks as they scale, bolstering our advanced security pillar of CE. For customers with Atlassian Access, we will be adding enhancements to Automatic Product Discovery (APD). The first enhancement is scheduled for release this month and will introduce a new “last active date” field to APD.

      With this enhancement, admins will be able to visit the ‘Discovered Products’ tab within Atlassian Administration and easily identify long inactive shadow IT instances and prioritize recently active ones to take action on. The next APD enhancement will provide org admins with one-click access to ‘join’, or add themselves to, shadow IT instances and take over the management of said instance. 

      In order to track our progress and gain more targeted feedback moving forward, we will now close this ticket and have created separate, linked tickets to address your concerns in smaller forums.

      1. The enhancements to Automatic Product Discovery for the ‘add admin’ feature
      2. The request for product request controls in Trello
      3. The request for product request controls in Bitbucket
      4. The ability to remove managed users from external sites

      Best, Griffin

      As an administrator, I would like to have the ability to control and configure permissions for my organization's managed accounts. These permissions are:

      • Ability to create new sites for Jira, Confluence, JSD
      • Ability to create new Bitbucket or Trello accounts
      • Ability to join sites or products external to the organization
      • Ability to remove managed users from external sites
      • Ability to remove access to specific products

      Current impact

      Not being able to have these controls allows managed accounts to join or create sites under the company's email domain, possibly causing an undesired increase in Atlassian Access billing, which on some occasions might hit the license seat limit.

       

            [ACCESS-1468] Allow Administrators to control managed users' associated sites and products


            Michiel Schuijer added a comment - b4ec286b8e12 as far as I know, it is required to have enterprise for all products, not just for one.


            Julien Schröder added a comment - Does this mean it only works per product on Enterprise plan? Or is it a generic Enterprise administration feature working for all products?

            Darryl Lee added a comment -

            Thanks to 7a79c351a973 for getting CLOUD-12193 - Reduce occurrences of accidental site creations created. I hope everyone can vote for this Suggestion that is actually addressing the issue of accidental creations.


            Alicia.Peebles added a comment -

            There are some industries that are regulated that use the Atlassian tool; my industry is one of them. If an employee would happen to make an additional site, this could be a compliance risk if any company information is saved in a non-company approved tool.

            Ideally, admins could do these things:

            1. Block any creation of Atlassian sites associated with any claimed domain. For example: XYZ.atlassian.net would block any other creation of XYZxxx.atlassian.net or xxxXYZ.atlassian.net.
            2. Block claimed domain user accounts from creating a new Atlassian site without admin approval.

            It would be great if, when we claim a domain, the admins of the claimed domain would be notified in these 2 instances:

            1. If a claimed domain account would create an Atlassian site (this is CURRENT capability)
            2. If any Atlassian site is created with the matching names of any claimed domains, e.g. a user with a private Atlassian account creates a site with the company name (XYZ) in it, XYZxxxxxx.atlassian.net

            Joe.Noel added a comment -

            Pretty wild that their workaround is not to enable org admins to block it, but to make org admins have substantially more work and time to shut things down after they're (very easily and quickly) created by users.

            Unless you shell out for enterprise on EACH APP.


            tom.hawkins added a comment - See also https://jira.atlassian.com/browse/ACCESS-1135?focusedId=3425851&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3425851 and https://support.atlassian.com/requests/JST-968487  

            tom.hawkins added a comment - Support issue from a colleague of mine, CA-2813147, relates to this and a clearly related critical issue I experienced. I'm awaiting Atlassian's replies to my feedback, which I suspect will be of interest to many of the other 1611 voters for this issue before the voting was frozen.

            Greivin Guevara added a comment -

            It is incredible that they created another ticket, in a different project to handle this same thing. Of course, they restarted the metrics about interest.
            I'm simply speechless.

            https://jira.atlassian.com/browse/CLOUD-10325

            chen.g added a comment - - edited

            Hi Atlassian,
            Has this problem been solved and is it possible to prevent users from creating a administer product outside mcesys?



            Robert Condon added a comment - I spoke to Customer Service at Atlassian Unleash earlier this week. Short answer is that Atlassian don't see this as a problem, and it's working as intended. 

              gjones@atlassian.com Griffin Jones
              rbecker Rodrigo B.
              Votes: 1611
              Watchers: 1047