-
Suggestion
-
Resolution: Unresolved
-
None
-
40
-
User Problem
External Users can be required sign in through an org controlled SSO, but these users are billable.
See Available external user security policy and settings
Not all external users are equally trusted. So it should be possible to have multiple groups of External Users and require most to undergo the security step up, but others if you know they belong to a trusted organisation or domain should be able to bypass this step up.
Suggested Solutions
Enable a multiple external user security policy or implement add conditions to apply the security policy.
Current Workarounds
None
[ACCESS-1952] Allow Multiple External User Security Policies
We need this urgent too and have been waiting since month for a solution. I don't know why Atlassian implemented it so badly by only leaving one option?
We are an enterprise sized organization. We provide services to similar enterprise sized organizations. We would like to cooperate with them in Jira for ticketing.
Currently we cannot have SSO setup for our different customers, as one IDP has to be chosen for all external users.
If we setup SSO, and even one of our customer is unable / unwilling to use it, we cannot onboard them to JIRA.
Atlassian advertise its products with huge efficiency gain. If we cannot use Federated Identity Management and manually has to manage hundreds of users, we won't see any gain. This functionality is not adequate on enterprise level.
For each IDP we should be able to set SSO / OTP separately or a setting that the SSO is provided by the IDP the user is provisioned from.
eee30c920d0f Our organization would use IDP groups to better control the access for external users, but I don't see why the functionality should be any different then the Managed Users. Are you still in the information gathering stage for this change, or can we expect any delivery of this functionality soon? Thanks in advance.
eee30c920d0f I would just like to see an additional policy, where we can add users manually (or via CSV). IDP groups would be a nice feature, but we dosnt need it right now. Its important for us to have another policy in place immediately so we can get started with our first customer.
Understood and we have all or none today (except for the test policy which is very limited). Hypothetically how would go incremental? If we decide to support this in the future, how would you plan to roll this out? Would you use Identity provider Groups / Roles / Domain levels or just use a CSV file with a list of users?
we would like to switch our user policy for our external users to SSO, but we would like to do this step by step for each customer without having a big-bang. This is currently not possible because there are only two policies and the one of them - the test policy - only allows a maximum of five members.
Agree, this issue would solve a huge problem with one of our customers, using our tenant.
We have possibility to configure multiple IDPs , multiple sites but not multiple External users 
The reality is many Orgs work with multiple sites and multiple external users.
Could you implent this feature? Thank you.
Similar to others, we have 400 external users, each with different IDP's(Entra, Google, none) so I need the ability to push certain external users to a policy that they can utilize and the rest into OTP. If I'm forced to choose I currently only can setup OTP. This needs action.