• Products
  • Documentation
  • Resources

What is external user security?

People in your organization work with external users beyond your administrative control. For example, these people can be from outside your company or from different departments inside your company.

As an admin, you manage the tension between how to:

  • Give external users access to encourage collaboration with your employees

  • Prevent unwanted access to your data

External user security helps you protect data in your organization. You can require an extra step of security when external users try to access your organization’s data.

This is an example of how external user security works:

Steps that shows log in and verify identity
  1. User logs in to Atlassian to access Confluence in Bancly Inc.

  2. User clicks on Jira ticket from Acme Global but needs to verify their identity to view the ticket

  3. User verifies their identity with a one-time passcode

  4. User views Jira ticket in Acme Global

Limitations of external user security

External user settings don't apply in some cases. We won't verify the identity of external users when they:

  • View in-product notifications

  • View data through an app link

Learn more about app links

External user access to Atlassian products

External user security settings apply to all the external users in your Atlassian organization that use these products:

External user access to public content

An organization may make content available anonymously to users which means it’s public content. When you apply external user security to the organization, an external user may not be able to view the public content anonymously.

For instance, a user is not logged into an Atlassian account when they view content anonymously in an organization. If the user logs in, they can’t view the content because they are no longer anonymous. They are now an external user and must verify their identity to view content in the organization.

Additionally, we block external users from:

  • Accessing your organization's product data with mobile apps

  • Viewing your organization's product data through mobile push notifications

When external users try to access new data from a mobile app, we let them know they can't access it. If an external user is logged in, they can still see previously accessed data. We temporarily store data for up to 30 days.
Learn more about mobile app management

Still need help?

The Atlassian Community is here for you.