Learn about security solutions and standards
Care about security? We do too. Learn what Atlassian does and what you can do too.
What is external user security?
People in your organization work with external users beyond your administrative control. For example, these people can be from outside your company or from different departments inside your company.
As an admin, you manage the tension between how to:
Give external users access to encourage collaboration with your employees
Prevent unwanted access to your data
External user security helps you protect data in your organization. You can require an extra step of security when external users try to access your organization’s data.
This is an example of how external user security works:
User logs in to Atlassian to access Confluence in Bancly Inc.
User clicks on Jira ticket from Acme Global but needs to verify their identity to view the ticket
User verifies their identity with a one-time passcode
User views Jira ticket in Acme Global
Who can do this? |
Limitations of external user security
External user settings don't apply in some cases. We won't verify the identity of external users when they:
View in-product notifications
View data through an app link
External user access to Atlassian products
External user security settings apply to all the external users in your Atlassian organization that use these products:
Confluence (includes Confluence guests) More about Confluence guests
Jira Product Discovery
Jira Software
Jira Service Management (JSM) (Atlassian accounts only)
Jira Work Management
Make sure external users with an Atlassian account can access JSM help
When you enable single sign-on, you must sync external users from your identity provider so they are not blocked from accessing the help portal.
External user access to public content
An organization may make content available anonymously to users which means it’s public content. When you apply external user security to the organization, an external user may not be able to view the public content anonymously.
For instance, a user is not logged into an Atlassian account when they view content anonymously in an organization. If the user logs in, they can’t view the content because they are no longer anonymous. They are now an external user and must verify their identity to view content in the organization.
Additionally, we block external users from:
Viewing your organization's product data through mobile push notifications
Was this helpful?
Still need help?
The Atlassian Community is here for you.