This is not an acceptable solution. As others have mentioned, limiting this to Enterprise when it impacts the cost around Atlassian Guard is just insulting to your Guard customers as well as bad optics as you are gating basic user management features that impact cost behind a higher tier. Especially considering Enterprise tier is only cost-savings when organizations are using multiple Jira/JSM sites (Premium + Standard Guard will always be more cost effective when using a single site).

Even if it is locked for Enterprise, in Enterprise you can't use it if you don't have also a Jira, Confluence JSM contract. So if a company that uses products from another vendor wants to just stop people from using Trello there is no way. That is the saddest part.

This is the exact solution I and so many others were looking for, it being locked to Enterprise plans is a crazy decision. Our main issue is users can freely use Trello and make us pay for it and Atlassian does not give us a way to help control this unless we do not use an identity provider (so non-billable policy). This should be a basic feature for companies that pay for your products. 

gjones@atlassian.com - I've just found out that a Trello license can be freed up if the user no longer belongs to any Trello workspace. As long as the user is not associated with any workspace or boards in Trello, their Trello access will not count toward the company’s Atlassian Access (Atlassian Guard) license usage for Trello.
 
For example:
 
•When a user is removed from all Trello workspaces, their Trello account remains active, but they will no longer have access to Trello boards or workspaces.
•Since they are no longer part of a Trello workspace, they won’t consume an Atlassian Guard license for Trello.
•They can still be active in other Atlassian products, like Jira, without impacting the Trello licensing cost.
 
Just a suggestion:

• Allow the Org Admins to set a lifespan on a Trello workspace.
• If the user is not logging into it within this lifespan, they are automatically removed from the workspace. This would free up the guard license. 
• possibly allow the org admins to be the admin on a workspace, but without using up a license

Right now, I'm just working on getting a set of instructions to the end users and have them all log out of the Trello workspaces for accounts they are using up in Atl Guard. Very cumbersome, and we will have to manually monitor these Atl Guard licenses for the same issue. Clearly, a better solution is needed here for this. 

We are really disappointed with the decision to make this feature available only for Enterprise plans. The need for better administrative controls in Trello was raised back in 2020, and it seems like a basic access control feature that should be available for all user tiers. The fact that users who were migrated into the Atlassian Cloud and already had a Trello subscription are now required to use Guard licenses, and can't escape these license settings, is concerning.

gjones@atlassian.com, I hope Atlassian will reconsider this decision and make this feature available for all users.

gjones@atlassian.com - this is a major miss... This issue should not be closed, the feature did not match the desired outcome from the customer. Seriously, Atlassian who holds dear everything Agile, you didn't even involve the customer when building your feature. Super disappointed in this move.

If anything cheap shots like this discourage me, as an Atlassian admin, from pursuing more products for my organization.

Making this enterprise only is a real bad move. It probably solves an issue with a small handful of customers, rather than building trust within the larger pool of Atlassian evangelists here.

The story persona was "as an admin" - not "as an admin with an enterprise licence".

I'd love to know how this hit the AC, and how Atlassian thought at any point "our customers will happy with this".

I agree with e7fbeb34bb36 and f758dfca1d8c (nice near-Haiku btw!) this should not be closed until sorted for all user tiers, just as https://jira.atlassian.com/browse/ID-7697?focusedId=3515005&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-3515005 should not be closed please! 

gjones@atlassian.com Just to summarise. Trello experienced a data breach earlier in the year. Rightfully so, there has been an increased response for administrative controls to limit user access to Trello. Atlassian finally releases this functionality but behind a paywall.

I have to say the optics of this decision is incredibly poor, and quite frankly embarrassing.

I agree with everyone else on this. The feature should not be paywalled behind an Enterprise subscription.

Basic features locked,
Atlassian’s fees climb higher,
Wallets feel the strain.

premium customer: slow clap

gjones@atlassian.com out of curiosity, how many Enterprise clients does Atlassian have? The vast majority of people who asked about this feature I bet that they do not fall in this category. It's disappointing to say the least, especially for an issue that started back in 2020. You should have this feature for premium plan as well.

You cannot be serious?! You released this as an Enterprise feature? This is a basic access control feature to prevent unauthorised use of software. Your product, and my organisation's use of it, is less secure because of this decision.

gjones@atlassian.com - Thank you for the update on the new features. We are happy to see this. The problem is, it doesn't quite work. If a user is in the Atlassian Cloud already, and would like a product (say Trello), well, now from these new features, the settings might force them to ask the Admins for this access. Great. If however, this user already had a Trello subscription using a corp email address, then ended up getting migrated into the Atlassian Cloud, boom, they use us an Atlassian Guard license, and moving them to a Directory Connector that is non-billable is not a viable option. What happens then is, when multiple users are in the same boat when they are migrated. This bypasses this ask admin feature. Likewise, Trello cannot be removed from their profile. The end result is paying for the Guard licenses, and no way to escape these license settings. 

Update on Trello Shadow IT

This is a lack of control from Atlassian/Access, which only jeopardizes license management. Atlassian  cannot accept this as normal, we certainly don't.

+1

Not sure why Trello even sits under the Atlassian/Access umbrella at all if we cannot control this. Atlassian enterprise controls should provide the ability to allow/prevent users from engaging with additional products, trials, tenants etc including free Trello accounts and boards.

We don't want to prevent our staff from creating a Trello account when they have been invited to another organisation's Trello board (such as a customer board, or the Trello boards Atlassian CSMs use themselves). But we do want the ability to prevent the creation of objects/boards within Trello to control where our staff store, create and manage all their data. This is a central role of IT and Security.

Hello

I have same issue here . We cannot accept that Atlassian makes us pay for all users that might sign into Trello using company domain without domain's approver.

They need to fix this, its inviting users to abuse over connections to Atlassian products with the "try it its free!" but in fact it is not free at all for the company as we pay the Atlassian Access license.

Companies need to have complete control on all Atlassian licenses, and acting like that is abusing practices.

You cannot expect control on users behavior when you have +7000 active users in your company! You need to fix this using Azure AD groups as we do it for JSM or JS to block access for all managed accounts of a domain.

Whilst the billing piece is an issue, I think the biggest concern is the risk to data leaks on a product we cannot prevent our colleagues from using.

Nothing stops one of our employees creating a Trello board, uploading confidential attachments, inviting their personal account, then downloading those attachments onto any other device using that personal account.

Additionally we cannot forcefully delete their Trello account without it impacting their other Atlassian services, which is against EU GDPR.

This needs a resolution.

Same issue here - we need to get over 100 users to manually logon to Trello and deactivate their personal workspace so they are not billable.

We cannot stop users from using Trello - we cannot deactivate users as it stops them from being a JSM customer with SSO. 

Even when we do tidy this up we cannot stop new or other users for signing up to Trello again. 

This really needs a fix.

Michelle, that is very well said. Several companies are fighting this battle it appears. 

Checking back after struggling with this issue for over a year and I am very frustrated to see no progress on allowing us to manage our Trello users who have created free accounts outside of our knowledge, and now as managed accounts we cannot even delete these free accounts. We are locked behind a paywall to be able to manage any Trello users, and the costs are very high, especially with a large organization like mine, and this only to delete the accounts.

Moreover, I have heard security concerns about free Trello accounts and public bords which we cannot control now, especially across hundreds of users. So, we are forced then by Atlassian to buy a product we do not need, only because of how this was implemented by them when they purchased it.

I can say that my DPOs are not going to be very happy when I raise to them this security risk, and that Trello is refusing to allow us or our users to delete their own data. As an EU organisation, I see this as borderline illegal and against all GDPR regulations. We will be monitoring this closely.

Can you simply just allow Atlassian Access admins to force an account to close on Trello? The process could involve exporting all the users' boards, etc, so they at least have a backup. But the solution shouldn't involve waiting for users to deactivate/delete their own account. Why are we even paying for Enterprise-level controls? Would you expect a user to deactivate their own Active Directory account? No, if they didn't want to, they could leave it open indefinitely along with all the security risks associated with that practice, if IT didn't have a way to control access. Think of this not just from a financial perspective (of your customers) but from a security risk perspective too.

Trello "alleged"data breach

In January 2024, data was scraped from Trello and posted for sale on a popular hacking forum. Containing over 15M email addresses, names and usernames, the data was obtained by enumerating a publicly accessible resource using email addresses from previous breach corpuses. Trello advised that no unauthorised access had occurred.

https://haveibeenpwned.com/

So not only are we paying the additional cost of a premium Trello account to try and safeguard our businesses, but even then they use unprotected S3 buckets to store data, as-well-as hid the visibility from admins to see of anyone in your domain has a public board that shouldn't.
Not only that, I now need to send an email out that exposes that we don't know if you are, or aren't using Trello, to change your password and check your boards visibility.

Apparently someone had HR data on a public board!

I'm nearly there with my project to move everyone to MS Planner via O365, however, other than blocking Trello at the FW, you could still be at risk of domain sign-ups.

Piss poor that this issue looks to be since October 2023, but is actually from the 20th Jan 2020, before they just closed the ticket.
Nothing but a revenue grab for nothing. 

It's unbelievable that this is treated as a suggestion.

It should not be a suggestion but a bug as it impacts billable user count of enterprise organisations. Is there an ETA when this work will be picked up by development team?  

The behaviour of nickle and diming your customers for security features that other products have out of the box is frustrating. Moreover, when teams do shell out for these features, other features that impact it are locked behind another tier, another cost. It is bad enough you are adding guest confluence accounts to the billable, at least we can control that. But the free Trello accounts wherein we cannot even "remove" their product access tho they haven't logged in for 2 years?

+1 stop being greedy and sweeping it under the carpet!

Can this finally be implemented, please - as the initial request (comp. https://jira.atlassian.com/browse/ACCESS-1468) is already from 30/Jan/2020 ???

This is genuinely asinine since this request https://jira.atlassian.com/browse/ACCESS-1468 is being split into multiple issues. 

When people talk about rigging the vote, diluting the constituency, invalidating the polls, or just generally intentionally missing the point, this is EXACTLY what they mean, this ticket and its siblings, right here.  

Yes, we're mad about this.  This is infuriating.  

See also: Gerrymandering - Wikipedia

I can't believe I have to vote/comment again on this. You closed the long-running card without solving anything, just cut it into 4 pieces. I get it that logically there is more than just "one thing" as pain point, but please get some traction already...

@Bas Rathje
Nail on head there!
Why am i paying for Atlassian Access, Jira, Discovery, Plant, Confluence, etc, and the premium Trello, to allow me to lock down information security to my domain, when any user can just sign up the free version, and then share that data to ANY user in Trello. Mind blowing, but guess what, you can upgrade to Enterprise and that will apparenty give you the facility to lock it down. What's the point of the security in the middle plan then?
My 2 pence is that Atlassian don't know what to do with Trello, didn't scope it when they purchased it, and are just letting it run as an additional best efforts revenue stream.
Anyone that is using this for Tech, will have moved to Jira, and built a similar Kanban board, and any consumer type users can use MS Planner, but only within their O365 Group.

It would seem that Atlassian ignores all hundreds (thousands?) of comments in the parent ticket (ACCESS-1468) and chooses to spin up a new ticket for Trello in "suggestion" phase.

I no longer think Atlassian is missing the point, I can only assume this is to protect the revenue streams from Atlassian Access, which I understand is is their rightful thing to do, but they have to understand this revenue is generated / provided unwillingly by many clients, which will have a large impact to customer satisfaction. it sure affects mine.

Let me explain the issue once more. Atlassian is selling:

• Jira Service Management , with the functionality of portals and "portal customer accounts",
• Atlassian Access for "adding enterprise-grade identity and access management (IAM) features to the central admin console.".

According to https://support.atlassian.com/subscriptions-and-billing/docs/manage-your-bill-for-atlassian-access/

"Jira Service Management portal customer account are not considered a unique billable user for Atlassian Access, but still covered by Atlassian Access features."

Our organization does require SSO and IAM security controls, which is why we chose JSM + Atlassian Access. We have implemented, and spending thousands of $ on Atlassian each month/year.

The issue: Any of our domain managed accounts (all of our employees in the domain) that have used Trello (free plan) at least once in the past 5.5 years (since Feb. 2018 and later, and this is a FIXED date, it hasn't moved at all in the last few years) is counted into Atlassian Access billing at $4 per user per month, completely negating the non-billable aspect of JSM portal customer account.

By far the largest majority of these users hasn't touched Trello for years and isn't even aware they did open it at some point in time between 2018 and now.

This applies to hundreds of our accounts, driving up the monthly Access bill to ~$1200 monthly for over 400 users that at some point interacted with Trello, whereas in reality actual agents are <100 (<$400 monthly).

All of this would not be a problem, if Atlassian allows us to remove and block Trello product access from our managed accounts, or allow Trello to exist outside of Atlassian Access. Both of which Atlassian does not allow.

There's been a very lively discussion on exactly this issue, where Atlassian is unjustly generating revenue on SSO/IDP'ing Trello Free where IT leadership teams, the paying customers, have no control whatsoever to prevent users from going to Trello and logging in, at which point that individual adds $4 montly subscription to the Atlassian Access bill.

Trello users themselves cannot login to Trello and delete their account to prevent the extra cost, as Trello will simply point to the managed account which users cannot control (and they require to have it for the JSM portal)

All of this was, and remains to be, unacceptable.

Note, Both of the 2 offered workarounds from Support are not viable:

1. To "deactivate the user accounts" which is impossible since we require them activated, as portal customer accounts, to access the Jira Service Management portal.

1. To "add affected user accounts into non-billable authentication policy and let affected user accounts to login service desk portal via username and password" - this kills the Identity Provider link, so there's no SSO or IAM controls, which we require and how Atlassian is selling this JSM + Atlassian Access.

This still needs to be adressed by Atlassian per the highest priority. The fact that the parent ticket (ACCESS-1468) is around since 2020 and still this issue is not being adressed (instead this new ticket gets created) is not looking good by any means.

It's certainly unacceptable to us and without a doubt to many other larger companies that require ful SSO/IAM security controls on their SaaS applications.

This feature needs to be implemented. 

It is ridiculous that you cannot remove Trello accounts from Atlassian Access and are charged for having these accounts included especially if they were not created by the enterprise that is being changed.

There is also no way to disable the accounts if they are being ingested into Atlassian via Access. The deactivate button is greyed out. 

nothing like a company trying to hide feature requests by moving it to new tickets and delaying development.

an essential feature of atlassian access. But what's the point of paying so much for it?

Please let us remove Trello products so it doesn't take up Atlassian Access Accounts for customers using Jira Service Management.  I can't stress enough how dumb this is.

Yes, please! This is a closely-watched and highly anticipated request from our organization. This wastes a huge amount of time in regularly scanning through lists of users to see if someone has opened a new Trello account without permission. Hoping this can be implemented sooner than later.