Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
Available external user security policy and settings
External user security includes these two types of policies for each organization.
External user policy
Test policy
External user policy
An external user policy allows you to apply security settings to external users. The settings apply to all the external users in your Atlassian organization.
Test policy
A test policy allows you to test external user security settings for a few users before you roll them out to all your external users. You can add up to 5 external users to a test policy.
After you turn the settings on, they may take a few minutes to apply to external users. When you’re ready to roll out external user security, you can turn the settings on for all your external users from the external user policy.
Learn how to set up a test policy
Review external users before you apply settings
Review the external users in your organization before you change security settings. To review external users and their details, you can export a CSV file of the external users. The export contains information about each external user in your organization.
Learn how to export users
Two-step verification
By default, we don't require external users to verify their identity with two-step verification. You need to turn settings on to require two-step verification. When you turn settings on, all external users need to complete two step-verification.
When external users try to access product data in your Atlassian organization, we ask them to verify their identity with a temporary one-time passcode that we email them. Learn about the one-time passcode experience for users
You can turn these settings on and off, but you're unable to change the two-step verification or verification frequency setting.
Verification frequency
By default, we don't require external users to re-enter a one-time passcode every seven days. You need to turn settings on to require verification frequency. When you turn settings on, all external users need to verify their identity every seven (7) days.
Learn how to edit external user security settings
API token access
You’re able to control API token access to products in your organization with the API token access setting. This setting affects all external users within the organization.
Learn more about API token access
Was this helpful?