As the Org/Site Admin of my account, it's honestly hard to comprehend that I do not have the ability to block staff in our domain from adding products. We subscribe to Atlassian Access as well, and given the substantial cost of that, it is seriously lacking in functionality and control. Very disappointing that this ticket has been running for 3 years, regardless of the necessity of it. Please Atlassian, stop working on new bells and whistles until you can make the core system do the basics.

Not having this basic level of control, on an expensive cloud app is like leaving the door to your apartment open, trusting the other building residents won't let themselves in. You wouldn't do it at home, don't force your subscribing org admins to do it with our accounts.

If you can't practice zero trust.... you are completely out of touch with modern workplace technology and information security and that is just not acceptable. 

I'm sorry if this sounds harsh, but come one... seriously. Security and administrative control by those of us paying for these tenancies has to take higher priority.

Adminssss, where are you? were you sleeping on these product features?

It's like you have a nice house, nice car, want to show everybody, and brag about it, but you lost the fking key to the house! It's embarrassing. 

This issue being left unresolved for so long is costing Atlassian Access users money that shouldn't need to be spent, wasted on the fact we don't have the control we need over our own verified domains.

This has thrown a massive spanner in the works for my organisation's migration from JSM Server to Cloud. I no longer am confident the migration can proceed with this issue outstanding.

According to Atlassian's documentation, a user is not considered billable if:

• "They have a Jira Service Management portal customer account (portal customers who have an Atlassian account are covered by Atlassian Access features, but only agents count as unique billable users)."

However, if any of my 2,500+ customers (in addition to people who have long left the company) have at any point over the past 4 years decided to sign up for a free Trello account they are inexplicably regarded as billable. This is not clearly articulated in Atlassian's documentation - documentation which me and it would appear, countless others have relied on to inform their migration efforts and budgets.

Needless to say I was shocked to see hundreds of inactive Trello accounts across my domain regarded as billable users on Atlassian Access with no ability to unlink Trello or manage the accounts without killing access to all Atlassian products (thereby removing customer portal access!)

How is it possible that a product claiming to provide 'enhanced governance' and 'enterprise-grade access management' can allow any staff member to just create a free Trello account at any time and subsequently result in us getting charged without our knowledge? 

Consumers have the right to expect certain things when they purchase a product or service. In Australia these rights are protected under consumer law. It is evident in this ticket that Atlassian's marketing around Access does appear to be incongruent with what is actually being provided in the product. It feels misleading.

Please provide an update on what is happening with this issue.

Is this on a roadmap we can see anywhere? this is a huge problem still

Bump

Bump

Please prioritize this item! 

It is very important that our Org Admins be able to control managed users' associated sites and products.

Bump

Bump.

This is a serious headache for our organization, we as Org Admins should at least have the ability to delete these...

While this is in progress, is there a way to discount users who are added to product sites that are not under our control from Atlassian access charges?

plz fix k thx bai 

We need, please provide it.

Bump!!

Bump this as a priority, please.

Same here. We are paiyng for that...

Big problem for us as well, becoming a nightmare.

This is desperately needed. My organization's users create Jira and Confluence instances without even realizing it. It's a nightmare to get control.  

Adding this summarized response here in addition to feedback provided on CA-2265367. Note that some of this has been altered to be more generalized, more specific details on how this is impacting our organization can be found in the private ticket.

...There’s currently a huge gap between what seems like an overstepping sales practice vs. maintaining Enterprise security & governance controls. Some of the comments here call these problems out, although the compliance & controls issues seem to be mixed in with other customers who are frustrated about Trello licensing. Want to make sure that IT controls & compliance concerns are not lost on whoever is working on this issue, which is that users of a corporate-owned domain (@contoso.com for example) are allowed to completely bypass controls & governance in order to spin up new environments within Atlassian on their own in a matter of seconds. This process completely bypasses HIPAA protections and MFA/SSO controls put in place for the corporate-owned domain and happens in a way that administrators who own that domain have zero ability to take control of new sites as they are spun up. The fact that Atlassian acknowledges this in the following article honestly just adds insult to injury: https://support.atlassian.com/organization-administration/docs/what-is-the-impact-of-shadow-it-on-my-organization/

Atlassian’s sales and product teams have created this provisioning problem, acknowledge its existence, and provide no solution. They are obviously aware of what they are doing, and instead of offering a safe alternative for their Enterprise-grade customers, they instead have continued to acknowledge and promote “shadow IT” provisioning by treating corporate-owned domain email addresses as potential new customers instead of as governed identities...

This has been picked up but has been any progress made?

Many of our Trello accounts are inactive or for people that have left the company with disabled accounts so are being billed for Access, like others we need a way to controll this so we are only paying for services we are using. We can't depend on users managing this.

We really need a way to remove Trello users or minimally being able to stop them from signing up and consuming licences unnecessary. if consuming Atlassian licence is necessary for  Trello users, we should be able to have a way to block them from doing so in the first place Without affecting them having other product access to Atlassian (ie: Portal Customer) We are planning to put all users to internal accounts and essentially becoming a managed account, however by doing so we actual lose control for trello (ie: User signing up get an Atlassian licence consumed immediately) This is not an effective way to manage billing. 

Yes, please provide an update on this. These additional admin privileges are a necessity. 

Not sure if this would help, but we've found a 'way' for users to remove themselves from Trello products (from being Access billable users in case they only have access to Trello).

Here's the guide: Navigate users to remove themselves from Trello (Atlassian Access billing 'issue')

@Hugh Jinhyun Kim you're correct that the only option is to deactivate the user, but you can keep the SSO.

You have to change the mail address associated to the Trello user, deactivate the user, and create a new brand user (with the same mail) via User Provisioning.

The workaround I used in similar occasions is:

• Contact Atlassian so that they can break the SCIM link for the user using Trello (for ex. peter.parker@acme.com)
• Once the SCIM link is broken, you can now change the mail address of the user (for ex. peter.parker_OLD@acme.com)
• Deactivate the user 
  • this will deactivate the user associated to Trello
• On the next User Provisioning a new brand user will be created for peter.parker@acme.com
  • assign Jira/Confluence licenses
  • enable SSO

This is helpful for brand new Cloud instances, so that you won't have data associated to users.

Otherwise you should migrate data too (for ex. where the user is Assignee, Reporter, ecc...)

This is far from being easy and smooth, I still can't understand how Atlassian is not aware of this (probably they are).

We have users who used Trello free version long before 2021, and admin can't even remove their product on Atlassian Access. It just eats up the bill and do nothing. Users don't even know if they used the Trello.. And the only option is to deactivate. To deactivate I have to remove them from SSO, which defeats the purpose of having Atlassian Access.

Please have administrators to be able to control products of managed users.

My friends at Atlassian, just adding to the pile again.

We can't have our users ingest licenses for Atlassian access because they want to trial Trello.  We love the fact that our users have our service portal available on SSO free of any charge, this is incredible and an awesome user experience.

The issue is that they have a lovely trial experience using Trello on a whim, then a grumpy administrator (me in this case) has to pull them out of Single Sign On so they have yet another password to remember.  They can't even get rid of Trello without me deleting their Atlassian account and re-syncing them with our IDP - what the hell.

The other alternative is to pivot on your Atlassian Access pricing models, and I don't want to insinuate this but it makes me feel like you are getting your bang for the buck for organizations who blindly agree to thousands of access licenses so they don't have to feed and water this problem.  Globally everywhere is looking at costs and I'm sorry to say this, it's not going to be palatable anymore so please don't just pin a comment from October thinking this will satisfy us that you've got this on your radar.

Coming from a place of care, every large SaaS provider worth their salt allows checks and balances on this stuff... you're going to get left behind.  Not to mention the glaringly obvious management and data black holes this causes with regulatory groups.

@Griffin Jones

Can we at least get some kind of ETA or time frame? This is ridiculous, we haven't heard a peep out of Atlassian since October about this issue. 5 months ago!!
People comment on this ticket almost daily with their frustrations and yet - nothing.
This ticket has been open for over three years. That isn't even close to how old some of the tickets I've seen are, which is a very scary thought. How long till this is fixed? 4 years? 5? ....10? 

Yes - this is a problem - where i found users who no longer work for my company have created their own instances but i have no over-sight or permissions to be able to close it down. 

I think the ultimate control is that Org Admins must approve the creation of new products/sites.

This issue ticket looks like more a blog than a real tracking issue of a professionnel company.

@atlassian, where should we open the Issue ticket in order to have it taken in charge ?

+1 here too, we also have "shadow" sites, we don't want to have. IT should have the full control of the instances - so we want to restrict our Domain-Members so they can't create a instance without permission.

Not being able to restrict the creation of new "shadow IT" sites puts us in a difficult situation, where IT controls & governance are being bypassed for end-user convenience. As a customer who relies on Enterprise licensing for HIPAA compliance & multi-site capabilities, this one setting allows our employees to bypass all of our controls. This is a significant compliance issue, and isn't something Atlassian should just brush under the rug in order to appease their sales team! Please allow us to restrict non-admins from creating new sites in Jira & Confluence. At a minimum pop up a warning that they may be violating company policies by not going through approved channels. As others have repeatedly said, not having control here is hurting your enterprise customers.

This feature is desperately needed, dare I say it, mandatory for large Enterprise customers. It would be good to provide some timeframes on when it will become available so your customers can adjust their plans accordingly.

Same here. We had close to 20 'bogus' sites also. Again unsecured which was big concern for us. We also found employees using their company email addresses while doing outside contract work at other companies' Jira sites.

+1 here. It appears that our organisation has about 20 "shadow" (external) sites of Jira, Confluence etc.
This is for us a major concern because of IP-related content, security etc.
People who set up those sites usually don't have expert knowledge on how to manage and secure their sites.
This is something that should be left to the IT department.
We should have the ability to block the possibility to create those external sites. Furthermore it would be welcome if Atlassian displays a message or so forwarding them to the organisation's IT department when someone tries to create a site.

This needs to be fixed quickly - Thank you. 

Any update when can we expect this!!

Do you guys have a potential release date on this yet? I have a customer dealing with an issue as well.

WHEN ???

Favor providenciar a liberação de podermos através da console, desativar o produto TRELLO e os demais, pois não faz sentido, criarmos um procedimento para solicitar aos usuários que façam este tipo de exclusão.

Por sermos administradores da console, temos que ter a opção de desativar os produtos dos usuários quando for necessário.

Aqui na empresa, não é permitido o uso do TRELLO, por determinação da área de Segurança Corporativa.

Favor, acelerar esta atividade o mais rápido possível, pois isso este provisionamento conta como licença e isso gera custo desnecessário para a nossa organização. Temos no momento 889 acessos que precisam ser desativados com URGÊNCIA.

Obs.: Comunicados já estão sendo realizados quanto a não utilização do TRELLO com o e-mail corporativo, para que não tenhamos mais casos.

We have found the following workaround: we asked all users whom we detected have a free Trello account to log in and delete all their Trello workspaces (not their account since they cannot delete that). So basically when leaving an empty Trello account with no workspaces seems to count as no Trello product access any more and will stop counting towards Atlassian Access licenses. Maybe this helps someone.

It's really necessary!!! Please enable ASAP!!!

It is also a security risk.

this feature is needed asap please

So, we are not able to remove users WE manage from external managed sites via access? But we have to pay for them, even if they are only e.g., Jira SM customers who actually do not have a payed license in our internal Environment.

Wow, this is a great loophole, a money printing machine! I bet Atlassian Access is the fastest growing product of Atlassian! No one sued you guys for this?

This creates unprofitable churn for everyone. When something like this gets approved and an app starts in our system, we need to track down the people and explain the process which means we shut down the trial. Then Atlassian has left a bad and embarrassing taste in the users mouth so they go elsewhere. 

We have deployed Jira Service Management with premium subscription but we have been suprised that we have being be billed for Trello and Bitbucket personal's accounts or free and the IT budget allowed for Atlassian has been exeeded and the Top Management are really upsets !

Created 2020. Disappointing to see it took two years to reach in-progress status - An estimated timeframe would be nice. This gap will ultimately kill Atlassian for our company if not closed. 

It would be enough to give options on which accounts to actually claim in the process. Why would I want to claim Trello accounts from former employees that haven't used the product since 2016 anyway? 

Why would Atlassian hurry to fix a problem that is very  profitable to them?    

I have so many users who sign up for "FREE"  trello.   These users are not getting informed that their company will be charged for Atlassian Access and Atlassian Site administrators are not getting notified when the Atlassian Access bill user base increases  due to users using their company email on non-company endorsed Atlassian products like trello or Bitbucket in my case. 

The number of "unauthorized" Atlassian Access charges on my bill now surpass the legitimate ones.     This is crazy! 

I'd like to join the 992 other people screaming into the void on this thread.

So, Atlassian's chargeable flagship enterprise access tool, Atlassian Access, doesn't allow enterprises to reliably manage access to Atlassian's products? And hasn't been addressed in 2 1/2 years?

The product manager for Atlassian Access ought to be pilloried for this.

https://support.atlassian.com/requests/PCS-148294

https://getsupport.atlassian.com/browse/PCS-148258

Are there any updates?

I have similar issue since one year ago and no acceptable solution has been provided by Atlassian. Bills should reflect what administrators allows or not within a directory, here it's open bar for a end user to try a product and then Atlassian send the bill to the administrators... Atlassian Access billing policies should evolve not to impact Administrators or organization. Easily free products should not be included in Access billing like "non billable policy"

We have noticed an issue that auto signed users getting added to our ganization and billed for those users. Here we would like to have a feature to bill only those users admin invited similar like Github. Further discussion with Support, I was informed that this feature in consideration and development by this time recomeded to use non billable users policy. When I had a check I noticed we should opt additional service called Atlassian Access and pay for it. I feel like it is not accepatable, we should have some option to control billed users or have provision to add non billable users without any additional cost. Please sreview and support 

I have a similar issues, we are paying for Atlassian access for users that have a trello account they dont even use anymore.

Should be possible to have full control over managed accounts and all the Atlassian products they have on the managed account

Happy New Year Atlassian!

Just had an excellent email from you saying that I have exceeded my Atlassian Access tier.  Some of our adventurous users have installed Trello over the holidays and bounced us back over our licensed amount.

Will 2023 be the year where the penny drops and we can stop our users from dictating our licensing unknowingly?

My New Years' resolution is to remain positive with you guys, so starting off strong! 💪🏻 You can do it, we believe in you!

We have users with only Free Trello license that are in the provisioning scope of our identity provider (AzureAD) and with that, they are counted in Atlassian Access billing. 

In the managed accounts, I can't disable trello for users.

The most of them are not using it. More of 30 people have last login time before 2021.

If I exclude them from the provisioning, they can't access other products as a customer. For exemple, we use Jira Service Management as an Helpdesk for our internal factory.
So, it's not a solution for us.

You force us to pay for something we're not using.

We are using Access and experiencing the same issue with Basic END USERS creating new products. Why is this still only a Suggestion!!!!

This really isn’t good enough from a company like Atlassian, especially when we are being pushed into cloud hosted instances with monthly subscription charges. Until we can control our costs ourselves, Atlassian really shouldn’t be counting Trello accounts as a billable item.

We were due to migrate this december to Jira Cloud. Unfortunately, with this known issue, not progressing, we have decided to stay one more year on our internal Jira server.

We're currently implementing Acces and having the same issues with free Trello accounts being billed. Fixing this issue should be a top priority

I recommend bringing issues (if they are getting no traction) to your sales rep. I work in a support role and every issues is #1 to that customer but you only have so much bandwidth and people listening. Atlassian is getting pretty big now and has problems of a large company.

Checking in on a Saturday afternoon out of business hours to perform MANUAL maintenance on anyone in our organization who used to be able to use SSO, fancied trying Trello on a whim and now having to MANUALLY carve them out of our authentication policies so we don't get billed.

"Why do I have to set a new password" - great question Joe, it's because you downloaded Trello.

📣 Is anyone at Atlassian actually listening to what the problem is here? 

We shouldn't have our END USERS impact our billing without any level of control from administrators.  This is starting to be maddening how you are missing the complete point.  I don't want to buy Atlassian Access for 10,000 employees who need to submit tickets and read knowledge-base articles.

We want the ability to manage and control access to Trello free and Bitbucket, as it stands now users that are synced with Atlassian, are able to sign up for Trello free and charged an Atlassian access license fee. with no way of removing that access without removing them Atlassian and creating some hack policy in azure.  

We really wanted to see this implemented cz we have Atlassian Access subscriptions for 2,000 users. As a result of some users using Trello, which has a free plan, we have exceeded our Atlassian Access subscription count of 2,000.

We are facing a GDPR problem because we are not allowed to preventing users from singing up to Trello with their work email. This is not good at all.

WE NEED THIS FEATURE.

Hi Griffin,

Any ETA to communicate to us for this feature implementation availability through instances?

Thanks,

Valentin

We really wanted to see this implemented to Allow Administrators to control managed users' associated sites and products 

Hi Griffin -

Thank you for that explanation, but I think I speak for a fair amount that that is not the use case scenario for the vast majority of us.  When we claim a domain, any user who has ever set up a trello account in the past using the domain you are claiming now is counting as a billable user according to Atlassian Access.  This was our case.  We also have a limited number of actual licensed users, as the vast majority of our employees are considered customers, which are not billable.  If they then set up a "free" trello account that is now counted as a billable customer for a user who was not previously billable.  I would also like to point out that you mentioned the "Non-billable policy", however, as it has been stated previously numerous times, the non-billable policy is not a viable option for managed users as we are not able to move managed users into the non-billable policy.  At the end of the day, we are still in the same scenario we were previously.

Hi everyone,

I wanted to circle back around and mention, we have multiple teams – including the Trello team – actively working on a more proactive approach to control if and how managed users can create product instances. The timelines for Jira Software and Confluence, are more straightforward to determine than those for Trello and Bitbucket, where the product architecture is fundamentally different. Making this solution available first for Jira and Confluence helps inform our approach when it comes time to implement this for Trello and Bitbucket.

As you may be aware, a user becomes an incremental billable user in Access upon gaining rights to their first cloud product. For example, if a user already has Confluence and then creates a Trello workspace, that user was already billable for Access at the time they were granted Confluence access, and the addition of Trello does not cause an incremental increase in the organization’s Access bill.

Additionally, we introduced the concept of a “Non-billable policy” that you can set as the default policy when someone joins. We developed this for admins who don’t want users that are manually invited or signing themselves up to count towards the Atlassian Access subscription. Instead, you can automatically add them to a default non-billable policy. For more information: https://support.atlassian.com/security-and-access-policies/docs/understand-authentication-policies/#To-make-a-default-policy-non-billable

To address concerns beyond the Access bill, admins can get in touch with users to shut down unauthorized Trello workspaces. If there is no response from the user, admins can reset these users' Atlassian account password and access their Trello interface directly. For more information: https://support.atlassian.com/security-and-access-policies/docs/how-to-work-with-admins-of-discovered-products/

Lastly, I want to acknowledge that your concerns around Trello are valid and top of mind for us as we start building this feature set. We understand that for some, Trello is the primary driver of this issue and it’s paramount we enable customers with controls to manage this.

Best,

Griffin

Guys, Atlassian isn't "missing the point". They KNOW we're upset about Trello "free" users being unmanaged. They don't care because it generates them revenue.

This is a huge scam and if it was up to me my company wouldn't be using this product any longer,

Trello MUST be considered in phase 1....

Fully agree with others who have posted, and I am going to repeat what I mentioned before, because Atlassian is completely missing the point.

This is completely unacceptable and very unprofessional from Atlassian. 

Atlassian is selling:

• Jira Service Management , with the functionality of portals and "portal customer accounts",
• Atlassian Access for "adding enterprise-grade identity and access management (IAM) features to the central admin console.".

Then, and according to https://support.atlassian.com/subscriptions-and-billing/docs/manage-your-bill-for-atlassian-access/

Jira Service Management portal customer account are not considered a unique billable user for Atlassian Access, but still covered by Atlassian Access features.

Our organization requires SSO and IAM security controls, which is why we chose this product.

However now that we are implementing, and spending thousands of $ on this already, we learn that any of our users that has used Trello (free plan) at least once in the past 4.5 years (since Feb. 2018 and later) is now counted into Atlassian Access billing, completely negating the non-billable aspect of JSM portal customer account.

This applies to hundreds of our accounts, driving up the monthly Access bill to ~$1800 monthly for over 500 users that at some point interacted with Trello, whereas in reality actual agents are <100 (<$400 monthly).

This in itself would not be a problem, if Atlassian allows us to remove and block Trello product access from these accounts, which Atlassian does not allow.

It's an incomprehensible situation that Atlassian charges us for this and we cannot cancel / block Trello access.

Both of the 2 offered workarounds are not viable:

1. To "deactivate the user accounts" which is impossible since we require them activated, as portal customer accounts, to access the Jira Service Management portal.

1. To "add affected user accounts into non-billable authentication policy and let affected user accounts to login service desk portal via username and password" - this kills the Identity Provider link, so there's no SSO or IAM controls, which we require and what was sold to us as being possible. 

This needs to be adressed by Atlassian per the highest priority.

The fact that this ticket is around since 2020 and having status "Suggestion / gathering interest" is not looking good by any means.

It's certainly unacceptable to us and without a doubt to many other larger companies that require ful SSO/IAM security controls on their SaaS applications.

Hi gjones@atlassian.com, please do listen to the feedback comments on this ticket and enable admins to control Trello & Bitbucket product access. This should be the main priority, because currently admins have no means of disabling user access to these products other then disabling or deleting the user's entire Atlassian account, which is not in our or Atlassian's best interest. Admins would like to simply be able to revoke user access to Trello or Bitbucket (like we can for other products), without having to delete or disable their entire Atlassian account. By continuing to tightly couple access of these products with the user's Atlassian account, with no option of disabling access to those products, some organizations are forced to disable Atlassian accounts entirely for users (which I know because I've had to do so in our organization for many legacy Trello users that would otherwise be billable). Non-billable policy, is not a solution to this problem, we should not have to sacrifice security feature like SSO and others, because appropriate product access controls aren't available. Please fix this.

What's the point of a feedback if it's not taken into consideration?

This is a punch in the face to the community. Or, well, to paying customers...

I have to pitch in and agree with the rest here: Trello and Bitbucket are the ones that cause problems. So these should go on Phase 1.. at least trello!

I am cynical.

Atlassian are fixing the things which are important/non-urgent to THEM, and ignoring customer-centric important/urgent items (the revenue generating ones) for the moment. It means customers keep paying for a "free" service over which they have no control for another year or two before it is "fixed"

Once completed, I fully expect Atlassian to announce the fix as a new feature.

I would love to be proved wrong, but...

Agreed, Trello and Bitbucket are the ones that give problems, not Jira or Confluence

It's great to hear there is some progress on this - but it sounds like it's really missing the core issue here

We are scoping out corresponding controls for Trello and Bitbucket for the next phase of the project.

These are the ones that need urgently addressing!

The fact that something is being done to address this is great but in the meantime the customer is bearing the costs of Atlassian's free demo software.

There may be contractual issues with this. 

So happy you guys are actually listening, but you seemed to have missed one of the central pain point themes in this thread...

"It's the bitbucket, trello nonsense that magically charges our accounts but we have ZERO ability to do anything about it. "

C'mon!!

Please make Trello part of phase 1, that one is critical. 

Great to hear

Glad we got some response after few months.
So, what alternative solutions do you provide until you fix the problem for customer who are getting billed for Atlassian Access unnecessarily.

How about these below options:
[OPTION 1] Do not charge for Atlassian Access licenses until this is resolved.
[OPTION 2]: Make the non-billable policy as the default policy. 

Thanks for the update. While this is being worked on, can you please remove Trello-only users from Admin, or at least make them like Service Desk Customers and non-billable? No control over added costs is our primary complaint.

Please make Trello part of phase 1, that one is critical. we need to be able to stop all of them from happening.

Atlassian is missing the point. Jira, Confluence already have controls - even if reactive. We can delete an account that someone provisisoned.  It's the bitbucket, trello nonsense that magically charges our accounts but we have ZERO ability to do anything about it.  

Hi everyone, thank you for the lively discussion and feedback on this ticket. We hear your concerns and are committed to providing more updates and transparency on the work being done to resolve these issues.

We understand Atlassian admins are looking for more advanced security controls over what their users create. ‘Automatic Product Discovery’ gave organization admins visibility into what products their managed users created outside of their organization.

We are currently working on the next iteration of this feature set, which aims to enable admins to determine if and how managed accounts provision new product instances. After conversations with customers, two themes have emerged that are now the main focus of our solution’s approach:

1. Admins would like the ability to block new product instances being spun up

2. Admins would like users to request new instances to be created, as opposed to having those instances created automatically

Over the course of Atlassian's FY23, our focus will be on delivering these controls for Jira, Confluence, and Jira Service Management. We are scoping out corresponding controls for Trello and Bitbucket for the next phase of the project.

We plan to deliver this functionality to you over the course of FY23 and will use this ticket to provide updates. As we progress, as always, please feel free to leave your feedback. We understand that this feature set is essential, and we are committed to delivering a solution that meets your needs. We appreciate your patience.

Definitely a massive issue. We went from 6 access license requirement to 36 because people had signed up for free trello. 

We need to be able to disable this feature so users are not signing up for trials.

Where we have security and regulatory requirements that demand applications are validated this administrative mess is an audit trap.

I don't expect Atlassian to do anything about it because they seem to be building a thunder cloud for admin on purpose.

I note the patronizing email today telling admins that it is their duty to cleanup their cloud instance. Dear Atlassian, you made it a mess in the first place.

+1

Arrived at this issue too,  everything that David Meredith said, spot on.
Start with removing the Access Billing for Free trello

This might make more admins sign up for it as removes the uncontrollable potential cost.

Atlassian out here promoting "Atlassian Together" by bringing other tools into the Atlassian ecosystem friction-free and making it incredibly hard for admins to navigate access and billing to their own products.

Just let us remove Trello from managed accounts or allow us to use SSO with free watered down products like any other normal company?

I don't expect anything to happen soon - and in your last sentence you precisely highlighted why, David M.

Benefits of Atlassian access for: Jira Software | Work Management | Service Management | Confluence | Bitbucket | Status Page
I can manage product access, licencing, SSO. (Including non-licenced customer users)

Benefits of Atlassian Access for Trello (Free) | Bitbucket:
NONE, I can't manage product access or licencing and it costs me extra with literally no benefit.

If 2000 of my users decided tomorrow, to sign up for a free Trello account (which I can't prevent them from doing), they'll massively increase my Atlassian Access bill. Even if they never use Trello ever again. As an admin, I can't remove Trello from their Atlassian Accounts. I'd just be stuck paying for them forever, or disable their entire Atlassian Account, losing access to the products I need them to access.

Atlassian Access already has the concept of non-billable users for JSM customers, because WE DON'T PAY FOR LICENCES FOR THEM. It would not be difficult to extend this to Trello Free accounts, it's not as if Atlassian Access doesn't have access to this information. SSO would still work as it does for non-billable JSM customers.

I'd like Atlassian to prove me wrong here but I don't think they want to fix this. It generates additional income for them which appears to be worth more than the experience of ~800 admins.

+1
I want this as well. It cannot be that a Free Trello will be considered as billable product.

This issue needs fixing, if you are using the Access module, you should be able to control the cost.

Why can't they apply if the Trello license = is free do not bill very simple

https://getsupport.atlassian.com/browse/CA-1952401