What is external user security?

People in your organization sometimes work with users beyond your administrative control, known as external users. For example, these people can be from outside your company. As an admin, you manage the tension between how to:

• give external users access to encourage collaboration with your employees

• prevent unwanted access to your data

External user security helps you protect data in your organization. You can require an extra step of security when external users try to access your organization’s data. Configure external user policy

Example of external user security

This is an example of how external user security works.

1. A user logs in to Atlassian to access Confluence in an organization called Bancly Inc.

2. They open a Jira work item from another organization, Acme Global. Acme Global’s external user policy requires external users to verify their identity to view content.

3. The user verifies their identity with a one-time passcode. They can now view the Jira work item in Acme Global.

External user security in apps

External user security settings apply to external users in your Atlassian organization that use these apps:

• Confluence (including Confluence guests)

• Jira

• Jira Service Management (Atlassian accounts only)

• Jira Product Discovery

We also block external users from viewing your organization's app data through mobile push notifications.

External user access to public content

An organization may make content available to anyone on the internet, which becomes public content. Anyone can view public content anonymously, but external users may find they need to verify their identity to view the same content if they log in to their Atlassian account. This can happen when you apply external user security to your organization.

Limitations of external user security

External user security settings don't apply in some cases. We won't verify the identity of external users when they:

• view in-app notifications

• view data through AppLinks