What? Why is this only rolled out to enterprise customers ? We need this on premium plan also, we also need to be able to control this.

"Please help me, I'm drowning in unregulated instances of Trello being spun up and taking up SSO licenses"

Atlassian: "Sucks to be you, dude. Would you like to pay more instead?"

Looks like the community post only mentions the enterprise tier.
A feature tied to security improvements being pay walled is absolutely pathetic.

Might as well delete your core values off your primary website as based on your recent product deliveries you're no longer following half of them.

Absolutely disgusting decision to paywall this behind Enterprise. Guess Atlassian is striving away from their core values. "No Bullshit", am I right?

Great support. Glad to see this being rolled out finally. I'll be enabling this as soon as I can.

What is the timeline for rolling this out to Premium and Standard subscription levels?

@Atlassian.  UPDATE?

I'm not sure if this might have been stated already, but it seems like a simple fix would be to allow people to change their email addresses for Trello from their company managed email to a personal email address.   Then the problem goes away from an access license consumption perspective.

Hi Griffin,

You've promised this feature to be shipped in "late summer 2023". Now, the summer is gone. When can we expect an update, or the feature shipped?

Thanks,
Bela

@Tom Hawkins,   they pulled this same garbage with controlling users ability to create a free product instance, specifically trello, via Atlassian admin.  'oh its rolling out soon'   became 'its only for enterprise users.' so basically if you wanted to buy a feature to stop used from using a feature... pay us.

@Thomas Weston @Mark Benson not sure that the 15 May update ever mentioned Enterprise only, still waiting for a reply from @Griffin Jones to the below:
060d05276a1e added a comment - 11/Jul/2023 8:53 AM
@Griffin Jones, your Atlassian Update - 15 May 2023 doesn't mention it being for Enterprise users ONLY, so is it just that Enterprise users are getting it FIRST? If so, what's the ETA for other tiers? If it's to be ONLY Enterprise users EVER, then agree with @Robert Condon and other commenters. 

@Thomas Weston - ahh the good old ninja edit and just pretend like it was never the actual plan... classic.

It seems the 'enterprise' wording in the update from Atlassian has been removed here. It's still there on the product updates page, though

Hi Griffin,

Was anything rolled out or is there a definitive timing for it?

https://getsupport.atlassian.com/browse/PCS-204613

https://getsupport.atlassian.com/browse/PCS-204062

Hi,

You surely must ship this to any Atlassian Access subscriber because this is becoming quite of a nightmare between new instances spun up and free Trello accounts created... It makes absolutely no sense to bind this feature to the enterprise plan.

If you stay true to your values and want to make collaboration painless, you must ship this feature for any Atlassian Access subscriber so we can consolidate collaboration within a company by disallowing managed users to create new sites or use Atlassian tools that are not sanctioned by the company.

This is a huge mess right now.

Cheers.

Julien.

P.S: An update would be appreciated also, thanks.

Does anyone know a EAP or rollout date for this "late summer 2023" is this implying September?

Hey people, I'd say if you have an Atlassian CSR you should mention stuff like this to them. I've always had good luck in getting my CSR to pass along my feedback to product teams. It doesn't always change the outcome but it's a good additional avenue to let Atlassian know what's not working for you. 

I can only hope that some engineer somewhere is going to get this done this quarter.

please add to the user story:
"PREVENT access to specific product"

So Atlassian, the community launches a really needed feature, you implement it and than charges extra money for it while it wasn't even an idea of you in the first place but ours !!  I think this is preposterous. Secondly it's surely a security issue so it must be available by default for all plans.
Those shadow environments are always free plans in our case. Just a few days ago I received an invitation email to see the Security Bulletin.... A quick read learns that only vulnerabilities, remote code execution or injections are covered. Shadow instances can also can leak information. But hey, it seems to me that this doesn't count.
So Atlassian: please put yourself in the situation of the CUSTOMER, not your wallet!

Claudio - you're not alone.

I'm subbed to this primarily for the security reasons - we wanted to prevent our user base from creating their own unapproved free mini versions of the products that could technically be used to represent the company externally.
Which currently cannot be done... unless you pay for Enterprise apparently.

All the comments around Atlassian Access and associated costs are valid, but am I the only person seeing this as a security and risk problem before being financial?

I don't want user in my organisation sharing potentially sensitive data in platforms/instances that are not managed and therefore don't have the level of controls we require to operate.

It would be great to update the 'Current Impact' section of this ticket with these considerations.

Hope it can be put on the schedule as soon as possible, this function is very important for a large-scale enterprise.

Enterprise licensing is per user (based on tier) and includes Atlassian Access license per user... Atlassian Access IS NOT unlimited for enterprise.

In fact, Atlassian Access is managed at the Org level not Site level. Product access and billing is done at the Site level but not for Atlassian Access. Accordingly, these features should be added to the Atlassian Access product because it would make Atlassian Access behave consistently with the core products and Atlassian Cloud structure. 

The issue is where this product feature belongs. It is a feature of the Atlassian Access product.   It is included in the Enterprise subscription. But I believe this is the first time Atlassian has added a feature to Access and only offered it to Enterprise subscriptions (where Access is automatically included) and not the consumer who pays for the Access product separately.  

I'm not saying I agree that this should be an Enterprise-only feature, but for everyone who's complaining that there's no point to it since enterprise already has unlimited Access, remember that there are other considerations at the enterprise level besides cost. Shadow IT can be a security issue as well, and for us, at least, that's definitely a reason to have this functionality available.

Access is a product that is sold separately. This is an enhancement to manage the addition of products that directly impact Access costs.   So what is the purpose of adding this to the enterprise only where Access is already included and the enterprise users have unlimited instance use rights? 

The product team has no clue about the benefit of the enhancement to the user community they serve! 

the whole Desire for this is to prevent JSM customers from then consuming an Acccess license.  we ahve 30,000  customers in JSM and if they decide to go  starta  free trello account it will then cause them to consume a Access license. this is a POOR design at best.
if this is roled out for enterprise (which has unlimited Acccess license)  it is near pointless.

the fact this is enterprise only is an EXTREME money grab.

Team,

A customer has the following question about the new feature, could you please help?

Will this feature grant org admins control over these already created sites?
How will this integrate

time line? this is insane this does not exist already.

For those of us on bundled release tracks, when can we expect to see the request for products settings in our admin panel? 

I take it this is the feature we are talking about:

https://support.atlassian.com/organization-administration/docs/manage-your-users-requests-for-products/

Alltho i am sure Enterprise customers will appreciate the ability to handle there ShadowIT better, this is a problem for everyone that uses Atlassian Cloud products. Ontop of the security implications, there is the fact that the current system actually bills us for the usage of products that the admins of Atlassian cloud solutions have no control over.

Atlassian access is included in a Enterprise subscription, so this feature effectively only solves a small part of the problem that most of the comments in this thread actually have - and have pined there hope on this feature to solve.

Can we get a confirmation on weather this feature just "rolls out first" to enterprise customers. Or if it will stay "enterprise only", if the latter, is there other features in the pipeline lat will actually solve the problem of Atlassian Access billing outside Administrators controls. Or is it 100% intentional that we have to babysit Atlassian cloud daily to not get unpleasant surprises ?

Thanks @Robert Condon. I'll try it.

The most reliable method to remove Trello users I have found:

1. Raise a request with Atlassian to break/remove the SCIM link for the user
2. Once this is done, you can edit the email address (I add _OLD)
3. Move the user to a non-billable policy
4. Re-provision the user
   They will get a new Atlassian account that is not linked to the Trello account

This is far from ideal because:

• You will need to reassign all Jira/Confluence items
• They will not be able to access between steps 2-4 (which in my organisation can take at least a few hours

The advantage is you retain the Trello account and can amend to any email address in case of needing to access again in future, and remains instead of being deleted

How can you tell the users themselves to delete their trello account? According to the  link [Delete your Trello account | Trello | Atlassian Support|https://support.atlassian.com/trello/docs/deleting-your-trello-account/] you have to delete the Atlassian account and that is NOT possible, they have access to other products.

no, for my understanding, this is only to prevent users from creating new products. 

Will this feature make possible for us to disable Trello users?

Use cases:

1. People unintentionally or for exploring purpose joined Trello and they don't actually need it.
2. People needed it in the past, and they don't need it any more.

While I'm glad that I've been able to limit the creation of Team-based projects to myself and those in a small group, I'm deeply troubled that just anyone can stumble upon the settings that allow them to create an whole new instance. I've had this happen twice now in the two years that I've been a site and org admin for our subdomains, and learning that a salesperson or a support agent has either accidentally or intentionally created an entirely new instance where they are lord and master is simply unacceptable. In order to mitigate this situation I need to request access, then teach them how to make me an org admin, and then remove the instance entirely.

Pay walling the ability to prevent this is, in my opinion, atrocious. 

Please enable possibility in / for Trello for users to be unsubscribed / deactivated in any way, to avoid unnecessary costs for users who don't need Trello anymore or didn't ever use it / just logged in there (for any reason.

I wonder what type of brand damage this is doing to Trello. We've completely hard-blocked it in our environment now and everyone knows to stay away from it.

What may have been considered a temporary malfunction is now clearly defined as a forced sale.

I guess now you have to legally contest or leave.

@Asher Francis - this is the Asana model.  

In Asana, users on a team can literally invite anyone, and hit or exceed the license cap.  Billing Owners/Admins have zero ability to stop it.  Nice to see Atlassian is following other's poor leads on this one.  

I'm honestly still not sure how Atlassian are getting away with not fixing this for all users, regardless of what plan they're on.

They are forcing their customers to pay more for users who sign up for FREE software, where those users have NO IDEA that what they're signing up for is not technically free, because it contributes to a bill somewhere else.

I'm pretty sure what they're doing is actually illegal, and should it be investigated, they would be in a lot of trouble.

This is primarily an Access issue and it should have been rolled to all Access clients. Atlassian is trying to find a tiered version for Access and forcing people to go to Enterprise- shame on them.

Agreed with the recent comments.  This should at minimum be included as part of Atlassian Access.  

> Hi everyone, We’re excited to share our latest soltion for this ticket. Guess what... In order to let you pay less by restricting usage of other Atlassian tools for your own users, we let you pay more to get this exciting new Product Request feature... Win win, or? 

Maybe I missed an update, was there an announcement somewhere that I missed about this being Enterprise-only?

If so, I'm with everyone else in being very disappointed with this implementation. This would seem like a money grab one way or another, either extra costs to Atlassian are slipped in through unsanctioned sites or the forced upgrade to Enterprise.

@konstantinos Tekelis 
Here's the original Notification:       

Prevent your users from signing up for products

ROLLING OUT

With an Enterprise plan, you can now prevent your managed accounts from signing up for products on their own. When they try to sign up for a product, we send them to a page where they enter details about how they plan to use the product. You can review all your users' requests, from the Product requests page. Learn more about product requests
"

@atlassian,   

The  "Learn More" about this request page appears to be down:

For  Enterprise plan only!!!    

So all of us who are "premium" plan have to continue suffering the consequences of a badly designed system that allows users to continue to spin new instances and increasing our Atlassian access bill.  

Your using a problem YOU created to market your enterprise plan.    I'm not interested in an upgrade.   I want you to fix your badly designed system.   I shouldn't have to pay more to get a bug fixed.    

For  Enterprise plan only!!!    

So all of us who are "premium" plan have to continue suffering the consequences of a badly designed system that allows users to continue to spin new instances and increasing our Atlassian access bill.  

Your using a problem YOU created to market your enterprise plan.    I'm not interested in an upgrade.   I want you to fix your badly designed system.   I shouldn't have to pay more to get a bug fixed.    

..................................

Agreed - this should be a feature for all Atlassian Access subscriber orgs, not just Enterprise.

@Griffin Jones, your Atlassian Update - 15 May 2023 doesn't mention it being for Enterprise users ONLY, so is it just that Enterprise users are getting it FIRST? If so, what's the ETA for other tiers? If it's to be ONLY Enterprise users EVER, then agree with @Robert Condon and other commenters. 

If it's really only for Enterprise level users: Very big thumbs down ... Atlassian, are you serios

What even is the point of having this on Enterprise?

I'm sure 99% of us are here because we want to control our Atlassian Access bill, and it's free/included in Enterprise plans for Confluence, Jira Software and JSM, so there's not even a significant use case for Enterprise

Although I suspect that's the point.......

Based on the changes sent out today it seems like this now is a thing, and is being rolled out - something we've wanted for a long time.

However unless I am mistaken it appears to be paywalled behind Enterprise
Way to screw the smaller orgs who still have users going out and creating their own unsanctioned free instances of the products...

I'd prefer to just straight up turn it off though, none of our global admins want a bunch of random "I'd like my own Trello instance" requests.
Also a bit difficult to learn more about it as the link just goes to a 404 currently.

Prevent your users from signing up for products

ROLLING OUT

With an Enterprise plan, you can now prevent your managed accounts from signing up for products on their own. When they try to sign up for a product, we send them to a page where they enter details about how they plan to use the product. You can review all your users' requests, from the Product requests page. Learn more about product requests

To prevent users from signing up for products:

1. Go to admin.atlassian.com. Select your organization if you have more than one.
2. Select Security > Product requests.
3. Select Update request settings.
4. Find the products that you want to prevent users from signing up for. For each product, select the dropdown under Request setting and select Require admin review.

@Chuck,

But then you need the password (and mfa) for all users...
Not really an option in a big company.

I tried this with users, and it worked.

You just have to login in to Log in to Trello as the user and leave thier boards (delete them if you don't have the option to leave) and delete thierr workspaces.  Instructions on how to do so are below.

[Leaving a board in Trello | Trello | Atlassian Support|https://urldefense.com/v3/__https:/support.atlassian.com/trello/docs/leaving-a-board-in-trello/__;!!IxnR!0NhM9sOlq2ltbylDJlzTALUqDKR4jOKxSc0wp9NtDMjG9Elc6L5YhECVqpIGSSiehXWxV6Hlptlfu6o_OEIxRwJLcs3k$]

[Deleting a Workspace | Trello | Atlassian Support|https://urldefense.com/v3/__https:/support.atlassian.com/trello/docs/deleting-a-workspace/__;!!IxnR!0NhM9sOlq2ltbylDJlzTALUqDKR4jOKxSc0wp9NtDMjG9Elc6L5YhECVqpIGSSiehXWxV6Hlptlfu6o_OEIxRwbkqjVS$]

Are we sure that the summer release is going to solve the Trello problem or is this only going to stop the spinning up of new "instances" or sites initially? I would hate for the first release to not address the biggest problem for most users. 

@Elizabeth Lee, as a new Atlassian Access user I'd be happy to provide feedback, thanks @David Meredith for the link! 

This seems like a lot of effort to solve the "free Trello users are chargeable on Access" problem. There should be a way to kick off (or not charge) for users that have these free Trello accounts. A future-looking approval process doesn't address that.

Same problem. We can't delete users from Trello free

We are just moving to the Cloud and right out the gate Trello users are causing us issues with our Access Count.   Makes no sense we do not have the ability to control these users account to knock them out of Trello or better yet if they are on a Free version of Trello it does not count against our access count.  

I'm happy to offer additional input and feedback.

Most customers I work with feel this pain...

I've given ACE talks and written articles on how to streamline billable users:
https://uk.devoteam.com/expert-view/atlassian-access-streamline-your-billable-users/

Volunteer here for Feedback.

I can provide feedback.  Thanks for asking,

Ravi

Hi ca57b5189732, thanks for the update, I would be happy to give feedback.

Same as Esther here. The very cause of this ticket is that our users create new instances unknowingly / unfaithfully. If we have to rely on them asking voluntarily for permission to create new instances, we might very well forget it... 

I'd be happy to provide feedback as an org admin!

@Elizabeth Lee - more than happy to provide feedback on Discovered Products.

Adam.

Hi everyone,

My name is Elizabeth, and I am a product manager working on Discovered Products. We are conducting research to improve Discovered Products, and we’re looking looking for Org Admins who would be willing to provide feedback to us about their experience with Discovered Products. Please comment here if you would like to setup a 30-minute session to discuss your thoughts.

Our feedback collection process will end July 28th, 2023. Thank you!

@griffin jones:

"Product Requests will give admins the ability to deny new product instances from being spun up through a lightweight ticketing system."

How exactly will this work? Will the attempt to spin up a new instance automatically create a new ticket in this proposed system, or will it rely on users creating a ticket to request a new instance? If the latter, that's not a very good solution, as it relies on the honor system. We already can't trust users to not spin up instances; why would we trust them to use this new ticketing system?

Agree with the sentiment of the other replies here particularly for Trello. Once a domain is managed the admin must have the control to lock users out and remove boards created under the domain, Relying on having the users have to login, particularly when many have left, is not a valid solution. 

The update form Atlassian in October seems to only apply to NEW instances. What about the old existing ones that need cleaned up?

This is a major fail on Trello/Atlassian’s part.  Several years and you still have not fixed it.   Bad form.  What good is an enterprise account if users can just go out and continue to create stuff outside of the Enterprise while still using an enterprise provided email address?  This is crazy.  I can’t even begin to imagine what the heck your guys were thinking. 

I don't know if the same would apply for Bitbucket, but when we first implemented Jira, we had a large number of users with prior Trello accounts which we weren't aware of once we converted them to managed accounts.

We found the easiest thing to do was to give them a bit of notice (in case they wanted to export any info) before requesting Atlassian hard-delete their accounts. Once the account was deleted, the user(s) signed back in via SSO and there were no more links to past Trello instances.

Asher,

I don't think this will help.
For example my account (with Atlassian access) still lists Bitbucket but when opening Bitbucket my only option is to create a new workspace.
I deleted all my workspaces, but Bitbucket is still being shown/billed with Atlassian access.

For my account not an issue since I'm using other Atlassian products (jira/confluence) but we also have some users only linked with bitbucket....

Stephan, they're introducing license management for Bitbucket in early 2024 for existing customers. See the latest comments from Atlassian here:

https://jira.atlassian.com/browse/ID-6733

It's not only Trello, we also have some users with Bitbucket.
And you can't delete your Bitbucket account...

@griffin - Does that only refer to PRoduct Instance? Does that include Trello because that's also a problem especially we have no control on people signing up an account. 

Add one for Trello, bam, no more problem

just like the other Toggles for

Software

Confluence

JSM

Atlas

Bah cant add image

How about a better way to manage Trello subscriptions?  It is not as straightforward as contacting the admin of a discovered product.  What happens if the admin changes the email to personal email and all users are still using the domain email addresses, what options do we have?  

The fact that there is no way to put policies around approved products and sites and Atlassian Access to work within the approved products/sites is an issue.  I do not see the enhancements covering that.   

f4ee8ec1a852, 

You can contact our support team to start the process of taking over their account and the subsequent products that they own. Please see: https://support.atlassian.com/security-and-access-policies/docs/how-to-work-with-admins-of-discovered-products/

Best,

Griffin

I'm happy that this is a 'stop the bleed' type activity / functionality... Which is nice, it'll stop things from getting worse.

However I'm sure you'll be getting feedback that there needs to be far more done to remediate the existing products that claimed domains have signed up for in the past which regularly impact on customers bills.

We've stayed tuned since Access came out. Please share with the community what next steps are being worked on to address the problem of existing users that have claimed products already.

@Griffin

What about existing products that are already costing us with unnecessary licensing with Access?

Hi everyone,

We’re excited to share our latest update on this ticket. Since our last post, we’ve made significant progress, and plan to ship the first iteration of this feature this summer.

In early 2023, we presented our proposed solution, named Product Requests, to our Customer Advisory Board (CAB). Our CAB has highlighted their need to control managed users' and user-generated instances for some time, and we’re happy with our upcoming feature capabilities. Product Requests will give admins the ability to deny new product instances from being spun up through a lightweight ticketing system.

We plan to ship Product Requests in late summer 2023. Stay tuned for more, and thanks for the feedback and engagement.

Best,

Griffin

Atlassian does not understand enterprise support. This is another example.  Frustrating!

Thank you both so much. It is ridiculous. I am currently removing products created by people no longer with the company and the hoops you have to jump through are insane. Being admin should mean complete control - not only control over certain things and in other areas users can do what they like!

Lisa, I opened a helpdesk request with Atlassian and had them send me an export of the directory. Then I sorted on users that had Trello.

I then called Atlassian billing and was informed that due to their privacy policy, each individual user must respond and personally ask via email to have your Trello account deleted.

I emailed them to reply to all on the email for the helpdesk request and ask that thier Trello account be deleted and it worked.

The fact that Atlassian provides no way other that this for administrators or end users to delete their Trello accounts is ridiculous.

Thanks,

Chuck

Lisa, if you're using Atlassian Access, go to https://admin.atlassian.com/ then click on "Directory" and in the "Product access" dropdown, choose "Trello". This will list any users who have signed up to Trello using your managed domain accounts. 

How can we see how many Trello accounts are out there created by people with our domains that we manage - why are they not shown with the discovered products?

Really need this feature, it's crazy that we're being asked to pay for Atlassian Access fees for old Trello accounts that are no longer being used! Will we be given a refund for all of the additional Atlassian Access fees we've paid?

As the Org/Site Admin of my account, it's honestly hard to comprehend that I do not have the ability to block staff in our domain from adding products. We subscribe to Atlassian Access as well, and given the substantial cost of that, it is seriously lacking in functionality and control. Very disappointing that this ticket has been running for 3 years, regardless of the necessity of it. Please Atlassian, stop working on new bells and whistles until you can make the core system do the basics.

Not having this basic level of control, on an expensive cloud app is like leaving the door to your apartment open, trusting the other building residents won't let themselves in. You wouldn't do it at home, don't force your subscribing org admins to do it with our accounts.

If you can't practice zero trust.... you are completely out of touch with modern workplace technology and information security and that is just not acceptable. 

I'm sorry if this sounds harsh, but come one... seriously. Security and administrative control by those of us paying for these tenancies has to take higher priority.

Adminssss, where are you? were you sleeping on these product features?

It's like you have a nice house, nice car, want to show everybody, and brag about it, but you lost the fking key to the house! It's embarrassing. 

This issue being left unresolved for so long is costing Atlassian Access users money that shouldn't need to be spent, wasted on the fact we don't have the control we need over our own verified domains.

This has thrown a massive spanner in the works for my organisation's migration from JSM Server to Cloud. I no longer am confident the migration can proceed with this issue outstanding.

According to Atlassian's documentation, a user is not considered billable if:

• "They have a Jira Service Management portal customer account (portal customers who have an Atlassian account are covered by Atlassian Access features, but only agents count as unique billable users)."

However, if any of my 2,500+ customers (in addition to people who have long left the company) have at any point over the past 4 years decided to sign up for a free Trello account they are inexplicably regarded as billable. This is not clearly articulated in Atlassian's documentation - documentation which me and it would appear, countless others have relied on to inform their migration efforts and budgets.

Needless to say I was shocked to see hundreds of inactive Trello accounts across my domain regarded as billable users on Atlassian Access with no ability to unlink Trello or manage the accounts without killing access to all Atlassian products (thereby removing customer portal access!)

How is it possible that a product claiming to provide 'enhanced governance' and 'enterprise-grade access management' can allow any staff member to just create a free Trello account at any time and subsequently result in us getting charged without our knowledge? 

Consumers have the right to expect certain things when they purchase a product or service. In Australia these rights are protected under consumer law. It is evident in this ticket that Atlassian's marketing around Access does appear to be incongruent with what is actually being provided in the product. It feels misleading.

Please provide an update on what is happening with this issue.