I can deactivate users to stop access to trello but how do I keep my Jira Software users from using it?
I can filter products and identify the trello users and put them in a non billable bucket but anyone using a product that i actually want like software or confluence can stillaccess trello

We were an early Access user because we wanted to dip our toes into Cloud with a few users. Then suddenly all our Trello free-users got tacked onto the bill and we had to cancel. Coming back here after two years to check on the progress and it doesn't look solved yet. Non-billable Policies does not solve that problem. We just want Access applied to sites and services we pay for--not every single free random service, site our users stumble upon.

craigoliver we would like to your better. Would you be open to a quick chat with our team? If yes, can you please email me (njayasankar@atlassian.com) with your timezone and some times you are available in the next 2-3 weeks?

cdff9ac2e17c please follow https://jira.atlassian.com/browse/ACCESS-102. We will update this ticket when we start executing on the concepts we discussed with you a few weeks back. 

I agree - Confluence already encapsulates the concept of a site. It would be much easier, I think, to treat the set of users allowed to access the site as a whitelist for billing, and... ahem, for identity purposes. . The negative list seems like a convoluted workaround due to the inherent limitation of lack of true site based management.

The nonbillable policy might work in an organization where there is control and authority over the group of users that are not to be billable. But in a dispersed organization the Atlassian administrators may only have authority over a subset of users in the domain. What is required for our organization to be able adopt the cloud products is an "allow-list" for billing and access, rather than a "deny-list" as described in the nonbillable concept. Within the "allow list" we would list our own domain users, and ignore and not pay any other users in the same domain, but from unrelated organizations.  We have no mechanism to add those users to a deny list.

Hi d618e37a2c26, you can use a nonbillable policy for accounts you don't want covered under your Atlassian Access subscription.

https://support.atlassian.com/security-and-access-policies/docs/understand-authentication-policies/#Authenticationpolicies-Whatisanonbillablepolicy

Thanks,

The Atlassian Access team

Great feature. How does this address the "and only pay for these accounts" part of the suggestion? 

Congratulations @Narmada and the team! Is there a separate ticket that exists for site based SSO - where IdP can be associated with a site rather than with a domain?

Hi,

 We are excited to announce that we have shipped the Authentication policies feature. You can now apply Atlassian Access security policies on a subset of managed accounts using this feature (https://www.atlassian.com/software/access/guide/elements/authentication-policies#why-apply-multiple-authentication-policies). We are still in the last leg of the rollout. If your organization doesn’t have the feature yet, file a support ticket (https://support.atlassian.com/contact/#/) and we will enable the feature for you.

 Thanks,

The Atlassian Access team.