Hey team,

There is a very specific problem that prevents external users from logging in using OTP, and this is creating problems.

Summary:

If you enforce users outside of your domain to use OTP but grant only access to Projects and Goals (no P1 product), the user will not be able to log in.

Granting access to only Projects and Goals doesn't show the site as an option for the customer, and it doesn't trigger the OTP process to log in, presenting an error. 

Steps to Reproduce

To reproduce the problem:

1- Update a site to require external users to enter an OTP on login, using the steps in this guide
2- Grant access using a group only to Project and Goals, no other product, to an external account.
3- Using this external account, log out, as this will require you to re-auth.
4- Log back in at home.atlassian.com
2. Navigate directly to Goals or Projects using a link, since you won't have access to the app, and you should also see the error message.

Workaround

The main workaround would be to grant a P1 product access (such as Jira or Confluence). Then, go to Jira, for example, it will require entering an OTP, and after that, you can access the Goals or Projects page.
 
The workaround above is if a user has access to another product that's supported with authorisation methods (Confluence or Jira), navigates to that product, and enters their OTP there. This will authenticate their account, and they can then access Projects/Goals.

But for users with access to only Projects and Goals, without any product that they can access to enter in and authenticate their account, they can't log in.

There are no issues with accessing Projects/Goals without any other license if an authorization method is turned off for external users.