
Enable organization admins to view the authentication policy and method each user utilized when logging into Atlassian.


      Problem Definition

      Some admins have users logging in through SSO, social login (e.g., Continue with Google), or the default method (Atlassian email and password), but they are unable to see which login option the user is utilizing or which authentication policy the user is assigned to.

      Suggested Solutions

      Include the authentication policy and method used by the user in the Org audit log.

            [ACCESS-832] Enable organization admins to view the authentication policy and method each user utilized when logging into Atlassian.

            Stefan Papakostopoulos added a comment - edited

            Hi from CES-53693
            I'd like for the logs (I'm talking about audit logs sent to a SIEM via webhook) to contain information on which authentication policy was used (by name and id), and the current settings of the authentication policy (since they can change). 

            In the JSON for the audit event "action": "user_login" it would be nice to either add another block or add more information under context. attributes.context.attributes.authFactors shows I had SAML authentication, but what if there is more than one IDP and more than one Authentication policy requiring Single Sign On? Perhaps consider adding something like

            authenticationPolicy.Name

            authenticationPolicy.Id

            authenticationPolicy.SingleSignOnEnforced (true/false)

            authenticationPolicy.SingleSignOnIDP (IDP Entity ID from the associated SAML configuration)

            authenticationPolicy.ApiTokens (true/false)

            authenticationPolicy.IdleSessionDuration

            etc. and all the fields like Password Requirements and expiration for policies that are not enforcing single sign on.

            Fields should be null if not set, but present for consistent reporting/visualization. 
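An added example, not part of the comment above and not Atlassian's code or schema: a SIEM-side normalizer that emits the field set proposed in the comment with every column always present (null when unset) and flags SAML logins that cannot be tied to a policy. The event layout, the `attributes.authenticationPolicy` location, the `"saml"` factor value, `policy_unattributed` and all sample values are assumptions constructed for illustration.

```python
# Added example: event layout and sample values are constructed, not Atlassian's schema.
POLICY_FIELDS = ("Name", "Id", "SingleSignOnEnforced", "SingleSignOnIDP",
                 "ApiTokens", "IdleSessionDuration")  # names proposed in the comment
AUTH_FACTORS_PATH = "attributes.context.attributes.authFactors"  # path quoted in the comment
POLICY_BLOCK_PATH = "attributes.authenticationPolicy"  # hypothetical location

def dig(obj, dotted):
    """Walk a dotted path through nested dicts/lists; None if any hop is missing."""
    for key in dotted.split("."):
        if isinstance(obj, list):  # e.g. a list of context objects
            obj = next((o for o in obj if isinstance(o, dict) and key in o), None)
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def normalize_login(event):
    """Flatten a user_login event into a fixed column set; None for other actions."""
    if dig(event, "attributes.action") != "user_login":
        return None
    policy = dig(event, POLICY_BLOCK_PATH)
    if not isinstance(policy, dict):
        policy = {}
    factors = dig(event, AUTH_FACTORS_PATH) or []
    row = {"authFactors": list(factors)}
    for name in POLICY_FIELDS:
        # Always emit the column so dashboards see a stable schema.
        row["authenticationPolicy." + name] = policy.get(name)
    # SAML was used but no policy id: with several IdPs/policies the
    # login cannot be attributed to one of them.
    sso = any(str(f).lower() == "saml" for f in factors)
    row["policy_unattributed"] = sso and row["authenticationPolicy.Id"] is None
    return row

# Constructed sample events.
EVENT_WITHOUT_POLICY = {"attributes": {"action": "user_login", "context": [
    {"attributes": {"authFactors": ["saml"]}}]}}
EVENT_WITH_POLICY = {"attributes": {"action": "user_login", "context": [
    {"attributes": {"authFactors": ["saml"]}}],
    "authenticationPolicy": {"Name": "Contractors SSO", "Id": "policy-0001",
                             "SingleSignOnEnforced": True,
                             "SingleSignOnIDP": "https://idp.example.test/entity",
                             "ApiTokens": False}}}

if __name__ == "__main__":
    for ev in (EVENT_WITHOUT_POLICY, EVENT_WITH_POLICY):
        print(normalize_login(ev))
```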


            Matthew Hunter added a comment

            Atlassian Update - March 31, 2021

            Hi everyone,

            Thank you for bringing this suggestion to our attention.

            As explained in our new feature policy, there are many factors that influence our product roadmaps and determine the features we implement. When making decisions about what to prioritize and work on, we combine your feedback and suggestions with insights from our support teams, product analytics, research findings, and more. This information, combined with our medium- and long-term product and platform vision, determines what we implement and its priority order.

            Unfortunately, this suggestion didn’t make it to the roadmap this time and we are closing it.

            As we continue to roll out features we do look at feedback from our users and if you feel like this suggestion is still important to your team please let us know by commenting on this ticket.

            Thank you again for providing valuable feedback to our team!

              Unassigned
              João Nunes (jnunes@atlassian.com)
              Votes: 6
              Watchers: 18