Current Behaviour:
Currently, the org. audit log can only report events related to a managed user or claimed domain, not events related to external users. An "external user" is a user whose Atlassian account email address is not on any of the organization's verified domains or claimed accounts.
It is currently not possible to audit how, where and when external users are authenticating on a Cloud site where they are considered an external user.
Suggested Improvement:
In the context of "external user security", external users are authenticating against a particular Cloud site or Atlassian organization. Currently, there aren't any logging events or triggers that support this action. Current audit log logic displays events triggered by Atlassian account-related actions, but not authentication events related to a specific Cloud site.
For example:
- A managed (internal) user logs in to their Atlassian account, which causes the "Logged in to account" activity event to be displayed in the org. audit log. This event is not displayed for an external user. However, this event itself is not an indicator that the user has accessed any Cloud site data.
- It's possible that an Atlassian account user is accessing data belonging to an organization other than your own, i.e. their own Cloud site.
- For an external user, the "external user security" flow starts when the external user tries to access a specific Cloud site/org. where "External user security" features have been enabled. The org. audit log should be able to track these events, where a user is attempting to authenticate and is an external user.
Include audit log triggers and events/actions regarding:
Why this is important
As "External User Security" supports MFA and will support enforced SSO for external users, it is important that org. admins have the ability to audit external users' auth. and sign-on activities.