Non-admin users able to install app in jira site

Platform Notice: Cloud Only - This article only applies to Atlassian products on the cloud platform.

Summary

In Manage Apps > Audit logs, events can be seen that non-admin users installed and authorized apps. 

Diagnosis

  • If we log in with the user (who allegedly installed the app) on the Jira site, navigate to App > Explore More Apps > There is no option to install the app but only to request the app. 

  • The user is not able to see the "Manage Apps" option

  • In the audit Log section, we see events that "user authorized app name"

    • The event does not have an app-key mentioned.

Cause

  • This event shows up when a user tries to connect to the Jira site from a third-party app via OAuth. 

  • Example: a user installed ExampleApp client on his machine and then connected to his Jira account to import Jira issues. 

  • By doing so, the user gave ExampleApp access to Jira data via his account. ExampleApp will only be able to access the data that the user is allowed to see. 

  • The events we see only depict that the mentioned user gave access to a third-party app and does not mean that the app is installed on the Jira site.

Solution

If the user does not want this connection to continue, they can navigate to https://id.atlassian.com/manage-profile/apps and revoke access for a third-party app.

Admins can also do the same on the user's behalf by removing the app from the "Connected Apps" section on the admin.atlassian.com portal. 

Reference: Manage your organization's third-party apps

Updated on March 12, 2025
Platform
Cloud only
Products
Jira Software Cloud
Jira Service Management Cloud
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community