Suggestion
Resolution: Unresolved
Unmanaged Atlassian accounts have only the following options when it comes to sharing their personal information:
- Anyone - The information in this field is visible to anyone who can view your content, and it is accessible by apps installed in Atlassian cloud products.
- Only you - The information in this field is only visible to you.
Update your profile and visibility settings
This means the user's email address can be hidden from Jira Service Management Agents, unless they are given admin permissions for the site. Since only the user's name is visible to JSM Agents, if their customers share the same name or very similar names, the agents have no way to confirm or identify the correct user using the email address as the unique identifier.
Possible solutions would be:
- For unclaimed domains, an Atlassian Site should have the right to refuse to allow external users who do not share their email addresses. On signing into a portal, the users should be prompted to allow sharing with the customer support portal. This would be similar to the security policy for ensuring only users with MFA or SSO are allowed to log into a site.
- The owner of a claimed domain can authorise other Organisations to see all its members' email addresses. Organisations will need to be able to make a request to the owner of another Organisation.
- is related to: JSDCLOUD-12939 Ability to prevent "private email addresses" on sites/projects. (Gathering Interest)
Thanks. This is a social engineering threat vector and reduces security of the platform.