With nothing currently in development by Atlassian to improve the User Access features, we've released an app to put some automation into admins hands to better control product access. With the Admin Automation app, it doesn't matter which invite or user access setting you have turned on, you can automatically remove product access for any user if they're not in one of your 'key' groups. The app will sync users from any group, into any other group, so you could:

1. Remove any user from jira-users-* or confluence-users-*, if they're not in your special 'All users' group. This is a simple and quick way to ensure new users can't get access/invited to any products without being in your 'key' group.
2. Sync an IdP group into any of the Atlassian default product groups.
3. Sync users from the jira-users-* group into the confluence-users-* group, ensuring that Jira users always have access to Confluence as well.

Hopefully the app can help some of the people on this thread!

-Kieren
Co-Founder @ Smol Software | Ex-Atlassian

So happy for this to be released, and we have implemented it today. Is there an open feature request for us to customise the message users receive when they now try to access the site? They currently receive a default "Your account does not have access" message. We would instead love to customise that to point users to our JSM portal where they can request access. This is a much better user experience for users that do not know how to request access.

@kdight I will follow up with support further. Taking back what I stated if this works. Took long time but very much appreciated if this works.

I already have the feature turned on i.e. "Dont allow invites" but users are still able to request for access. For example: if they are given a link to a Jira ticket and click on it... the Jira gives them an option to request access.

80871433f72b 6f385249c9c9 - You can do this today already. In your 'Approved Domains' list, you can see which product is set to 'Admin approval = required'. You can remove these products and users will not be able to request access to them, if they happen to visit the product.

The combination of Removing products from your 'Approved Domains' list, and setting your User Invite settings to 'Do not allow invites', will prevent any users from inviting or requesting access for themselves or others. Only Org and site admins will be able to add users.

It is pretty funny to observe the comments here. While I would love to see the option to disable invites available, I already understood it will never happen. Atlassian is still a growth company and working in the interest of customers in this case goes against the primary interest of Atlassian and that is growth. 

When you also look at the admin interface, it is dated and chaotic. Fixing that goes against the interest of Atlassian which is to grow the ecosystem of consultants and the marketplace. Thus making Atlassian better and easier to manage isn't something Atlassian is looking for. Thus people, give up and accept the fact this will never be made better. Cheers  

Not all issues (multiple) reported on this ticket were resolved. In the summary of this ticket it mentions "even though all site access options are disabled users are still able to request access, it would be useful to have the option to disable completely those access requests." Could a new feature request be created to disable requesting access completely?

I already have the feature turned on i.e. "Dont allow invites" but users are still able to request for access. For example: if they are given a link to a Jira ticket and click on it... the Jira gives them an option to request access.

Hey all,

The "Don't allow invites" feature was recently rolled out to all organizations! In addition to preventing invites, organization admins can also specify a message to display to users when they try to invite a user. This could be helpful in directing users on the proper way to get another user added to your products.

If you run into any issues with this feature, please reach out to support at support.atlassian.com.

Having a button to enable/disable that functionality would be great.

I really hope that Atlassian can implement this feature soon.

Hi Everyone,

A quick update on this ticket:

We've built a setting to turn off all Access Requests https://jira.atlassian.com/browse/ID-7692

It's currently in Beta and needs to be enabled via a Support Request.

Please enable either custom login pages (to remove the ability for users to bypass SSO or defined login path), or implementing the ability to disallow requests from all users. We have a situation where we went live, and users are entering their email addresses instead of "Continuing with Microsoft" and then they request the available products. In all cases, these users already have the appropriate license, they are just not following the SSO path. If we could turn off all options for our instance to use anything but "Continue with Microsoft" or if we could turn off their ability to create a new account and request licenses on it.