Details
Suggestion
Resolution: Unresolved
Jira Software, Jira Service Management, Jira Work Management, Confluence
Description
Logging into the Confluence, Opsgenie, and Jira mobile apps spawns an in-app browser that could possibly bypass MDM policies in place for the corporate device, opening up possibilities of data exfiltration.
Suggestion
Allow an option for the Atlassian identity login flow on mobile apps to spawn a browser outside of the app (system default).
This is particularly important for iOS users, where Atlassian mobile apps use the recommended API `ASWebAuthenticationSession`, which only allows the authentication to be executed on the Safari engine, in a secure embedded web view:
Considering that some companies might decide to block Safari due to their security policies, the SSO authentication using Safari is blocked and fails.
Current Workarounds
None available.