Allow Org Admins to control Product Access for Managed Accounts from External Atlassian Cloud Orgs

XMLWordPrintable

    • 3

      Problem Definition

      In our current setup, managed user accounts can be invited to other, external Atlassian cloud organisations and granted access to their products (e.g. Jira, Confluence).

      Once this happens, organisation administrators have no ability to remove or control that external product access for these managed accounts.

      As a result, those users continue to be treated as active managed accounts and are billed under the Atlassian Guard subscription, even when their product usage is driven by another organisation.

      This creates two key issues:

      1. Lack of administrative control – Org admins can't centrally manage/revoke product access for managed users across external Atlassian cloud organisations.
      2. Unnecessary billing impact – Organisation continues to incur Atlassian Guard subscription costs for users whose primary product usage may be outside our control.

      Suggested Solution

      Proactive:

      • Whenever the users get invited to the external Atlassian organisation, the organisation admin should get a notification and needs to approve the request before the user can accept the invite.

      Reactive:

      • The ability to revoke or restrict product access for managed accounts across external organisations, or otherwise prevent those accounts from contributing to our Atlassian Guard billing when their usage is outside our organisation’s control.

      Why this is important

      1. This will prevent the unwanted product access to the external Atlassian organisation for the managed user accounts.
      2. Make sure that the organisations will be charged for the Atlassian Guard subscription only for those users who are using the products from their Atlassian organisation.
      3. This will allow the organisation admins to ensure the organisation's security (Enforced SSO) without being charged for a managed account that is using the product outside of their Atlassian organisation.

      Workaround

      As of now, we don't have any specific workaround but:

      1. You can create a non-billable policy and move the users to this policy so the users won't be counted towards the Atlassian Guard billing.
      2. You can un-claim the specific user from the verified domain, so that the user won't be counted for the Atlassian Guard billing.

              Assignee:
              Eric Lau
              Reporter:
              Viren Tholiya
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: