Care about security? We do too. Learn what Atlassian does and what you can do too.
People in your organization work with external users beyond your administrative control. For example, these people can be from outside your company or from different departments inside your company.
As an admin, you manage the tension between how to:
Give external users access to encourage collaboration with your employees
Prevent unwanted access to your data
External user security helps you protect data in your organization. You can require an extra step of security when external users try to access your organization’s data.
This is an example of how external user security works:
User logs in to Atlassian to access Confluence in Bancly Inc.
User clicks on Jira ticket from Acme Global but needs to verify their identity to view the ticket
User verifies their identity with a one-time passcode
User views Jira ticket in Acme Global
Limitations of external user security
External user settings don't apply in some cases. We won't verify the identity of external users when they:
View in-product notifications
View data through an app link
External user access to Atlassian products
External user security settings apply to all the external users in your Atlassian organization that use these products:
Confluence (includes Confluence guests) Learn more about Confluence guests
Jira Product Discovery
Jira Service Management (Atlassian accounts only)
Jira Work Management
External user access to public content
An organization may make content available anonymously to users which means it’s public content. When you apply external user security to the organization, an external user may not be able to view the public content anonymously.
For instance, a user is not logged into an Atlassian account when they view content anonymously in an organization. If the user logs in, they can’t view the content because they are no longer anonymous. They are now an external user and must verify their identity to view content in the organization.
Additionally, we block external users from:
Accessing your organization's product data with mobile apps
Viewing your organization's product data through mobile push notifications
When external users try to access new data from a mobile app, we let them know they can't access it. If an external user is logged in, they can still see previously accessed data. We temporarily store data for up to 30 days.
Learn more about mobile app management