Available external user security policies and settings

Each organization has two types of policy for external user security:

  1. External user policy

  2. Test policy

Who can do this?
Role: Organization admin
Plan: Atlassian Guard Standard

External user policy

An external user policy allows you to apply security settings to external users. The settings apply to all the external users in your Atlassian organization. It can take a few minutes for the settings to apply to your external users.

If you need single sign-on, you can apply it to users in this policy. Along with single sign-on, you’re able to apply settings for session expiration and user API tokens.

By default, the users in an external user policy count towards your Atlassian Guard Standard bill. Alternatively, if you don’t want to use single sign-on, you can make your policy non-billable.

How to manage your Atlassian Guard Standard bill

What is a non-billable policy?

A non-billable policy gives you the flexibility to choose whether or not to include external users in your Atlassian Guard Standard subscription. When you make an external user security policy non-billable, we won’t bill you for users in the non-billable policy.

In a non-billable policy, you’re only able to apply one-time passcode, session duration, and user API token access controls.

How to make policy non-billable

Test policy

A test policy allows you to test external user security settings with a few users before you roll them out to all your external users. You can add up to 5 external users to a test policy. The users don’t count towards your Atlassian Guard Standard bill.
How to set up a test policy

Review external users before you apply settings

Review the external users in your organization before you change security settings. To review external users and their details, you can export a CSV file of the external users. The export contains information about each external user in your organization.
How to export users

Authorization methods

By default, external users in your organization can access product data without needing to verify their identity in your organization. You can select one of these authorization methods to verify their identity: single sign-on and one-time passcode.

Single sign-on (SSO)

You can require users to verify their identity with single sign-on. This means you can manage security for all your users (managed accounts and external users) from one place, your identity provider. This makes it more secure and more efficient.

Before you can apply single sign-on to an external user security policy, you need to:

  1. Connect your identity provider to your Atlassian organization

  2. Configure SAML (Security Assertion Markup Language) for single sign-on

When you connect your identity provider and configure SAML, you can authorize external user access to Atlassian products with single sign-on.
How to authorize single sign-on

You’re unable to connect Google Workspace to apply single sign-on to external users.

One-time passcode

One-time passcode allows you to require external users to log in a second time with a one-time passcode. When external users try to access product data in your Atlassian organization, they must verify their identity with a temporary one-time passcode that they receive through their email.
Understand one-time passcode experience for users

No authorization method

In some cases, you may want to allow external users to access your organization without verifying their identity. Selecting None allows you to do this without requiring external users to log in a second time.
How to edit no authorization method

Session expiration

A session is the amount of time an external user can access products in an organization before they need to verify their identity again. You can choose when a session expires and a user needs to verify their identity. When you set the session length, it only applies to your external users. The setting doesn't apply to managed accounts or mobile sessions.

The session restarts when:

  • The external user’s session expires.

  • You reset the external user’s session.

  • The external user logs out and logs back in before the session expires.

We recommend letting your external users know about updates you make to session expiration.
How to edit session expiration

User API token access

You’re able to control user API token access to products in your organization with the API token access setting. This setting affects all external users within the organization.

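Users create API tokens to authenticate to your organization and run scripts. API token access controls whether external users can use an API token to make API calls to products in your organization.

By default, your organization’s API token setting allows access. You can allow or block access when external users make API calls to products. This setting applies to all external users in the organization.

Updates to API token access

Updates can take up to 10 minutes. An update takes effect the next time an external user tries to use a token to make an API call and run a script in your organization. If an external user tries to access a product with a token before the update is complete, they can still access your organization.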

How to update user API token access


