Review users to trust email domains

To ensure your Cloud site is secure, you must migrate only users with emails from domains you trust.

Before you create a migration, you’ll need to secure your Cloud site by reviewing the email domains and marking them as trusted or not trusted using the Cloud Migration Assistant.

When you mark an email domain as trusted, it means that you don’t have any security concerns with that domain.

When you don’t trust an email domain, it means that you don’t know the origin of that domain or that it belongs to an organization you don’t trust. If you leave some or all of your email domains untrusted, you can still run a migration, but it will fail. We recommend you work with your security team to decide which email domains you trust.

You can create and run migrations without reviewing and trusting email domains, but the migration will fail until you mark all the email domains as trusted.

To mark the email domains as trusted or not trusted, follow these steps:

  1. Open the Cloud Migration Assistant.

  2. Select the Review all email domains card on the Migration Assistant home screen. The list of email domains in your user base is displayed.

  3. On the Review all email domains screen, review each email domain and mark it as trusted.

For more information on this security enhancement, see the documentation on how to use Jira Cloud Migration Assistant and Confluence Cloud Migration Assistant.

You can also query your database to create a report that contains all the domains used in the user emails and the number of users in each domain. To learn how to prepare SQL queries for your database, see Auditing user email domains by querying the application database.

We don't recommend this option because, after the domain review, you would still need to use the Cloud Migration Assistant to trust each domain.
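
The domain report described above, as an added example that is not Atlassian's code: it counts users per email domain and lists the users outside a trusted set. The `app_user` table, its columns, and the sample rows are constructed stand-ins for illustration, not the real Jira or Confluence schema.

```python
import sqlite3
from collections import Counter

# Constructed sample rows (user_name, email_address, active); not real data.
SAMPLE_USERS = [
    ("alice", "alice@example.com", 1),
    ("bob", "Bob@Example.COM", 1),
    ("carol", "carol@partner.example", 1),
    ("dave", "dave@unknown.example ", 0),  # deactivated users are still counted
    ("svc-build", "no-reply", 1),          # no domain part
    ("erin", None, 1),                     # no email at all
]
INVALID = "(missing or malformed)"


def email_domain(email):
    """Return the lowercased domain of an address, or INVALID."""
    local, sep, domain = (email or "").strip().lower().rpartition("@")
    return domain if sep and local and domain else INVALID


def load_sample_db():
    """In-memory table standing in for the application's user table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_user (user_name TEXT, email_address TEXT, active INTEGER)")
    conn.executemany("INSERT INTO app_user VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def domain_report(conn):
    """Users per email domain, largest group first, ties by name."""
    rows = conn.execute("SELECT email_address FROM app_user")
    counts = Counter(email_domain(email) for (email,) in rows)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def users_to_review(conn, trusted_domains):
    """(user_name, domain) for every user whose domain is not in the trusted set."""
    trusted = {d.lower() for d in trusted_domains}
    rows = conn.execute("SELECT user_name, email_address FROM app_user ORDER BY user_name")
    return [(u, email_domain(e)) for u, e in rows if email_domain(e) not in trusted]


if __name__ == "__main__":
    conn = load_sample_db()
    for domain, count in domain_report(conn):
        print(f"{count:4d}  {domain}")
    print(users_to_review(conn, {"example.com"}))
```

Accounts with a missing or malformed address are grouped under their own label rather than dropped, so they show up in the review instead of passing unnoticed.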

If you can't mark a few or all of your email domains as trusted, here are some steps you can take.

What to do with domains you don’t trust?

When you don't trust an email domain, review the email IDs from that domain in your Server or Data Center instance, then either modify the user details (such as username or email address) or delete the user.

Use one of the following methods to modify user details to be able to unblock the migration:

  • User administration tools in Jira and Confluence Server or Data Center

  • Modify users from external directories

Use admin tools to modify users

Use the existing user administration tools in your Server or Data Center products to review all the users with untrusted domains. To do so, search for the untrusted domain and modify, disable, or delete the user.

  1. Select Administration > User management.

  2. On the next Users screen, search for the domain you don’t trust.

  3. From the list that appears, select the user to be modified.

  4. Edit the user details such as the email ID or username.

Modify users in your external directories

Take one of the following approaches to modify the users in your external directories:

  • Modify the emails of the users with untrusted domains to addresses of domains you trust

  • Delete the users with emails containing untrusted domains

Modify the emails of the users with untrusted domains to addresses of domains you trust

What to do?

Find the user’s location or origin and then modify their email ID. The possible locations can be LDAP, Crowd, or Jira.

What’s the result?

There is no change in user ownership of data or tracking of user actions within the product.

How do I do this?

For Jira, see Editing users.

For Confluence, see Edit User Details.

Delete the users with emails containing untrusted domains

Jira

What to do?

Find the user’s location or origin and then delete the user. The possible locations can be LDAP or Crowd.

What’s the result?

When you delete a user, the filters and dashboards owned by this user are also deleted, even if these filters or dashboards are shared with other users.

Before you delete a user, you need to know the following:

  • All issues reported by or assigned to the user you are attempting to delete are respectively hyperlinked to a list of the individual issues in the Issue Navigator. 

  • You can't delete a user from within Jira if you're using External User Management, but you can deactivate the user. If, however, this user is a Jira project lead, you can’t deactivate them. You first need to remove them in the project settings.
    Also, deactivating a user doesn’t mean they won't be migrated. After migration, if such a user is mentioned in a comment or description, their ‘mention’ is turned into ‘@user’, which is a broken tag, and they won't have product access.

  • You can't delete a user from Jira if they’ve reported any issues, commented on any issues, or been assigned to any issues.

How do I do this?

See Deleting users.

Confluence

What to do?

Find the user’s location or origin and then delete the user. The possible locations can be LDAP, Crowd, or Jira.

What’s the result?

You won’t be able to track the user’s data ownership and actions within the product in Cloud.

If you delete users from external directories (and synchronize), they become inactive in Jira. An inactive user becomes active in Cloud and has site access but no product access.

How do I do this?

See Delete or Disable Users.

How to review email domains if you have already migrated to Cloud

If you’ve already migrated emails from untrusted domains to Cloud, do one of the following to safeguard your Cloud site:

  • Suspend users

  • Delete users

Suspend users

What to do?

Suspend users with emails containing untrusted domains if they have already contributed to the content.

What’s the result?

Users won’t be able to log in to the Cloud and will stop receiving notifications.

How do I do this?

For Jira and Confluence, see Remove or suspend a user.

Delete users

What to do?

Delete the users with emails containing untrusted domains if they haven’t contributed to any content.

What’s the result?

A user who has not contributed to any content will disappear from the user list. They are not linked to any content, so there is no need to trace their impact on the instance.

How do I do this?

For Jira and Confluence, see Remove or suspend a user.