• Products
  • Documentation
  • Resources
Products
Documentation
Resources
Atlassian Support
/
Security and access policies Resources
/
Learn about security solutions and standards

Understand Atlassian Guard

Atlassian Guard is a subscription that you purchase for your Atlassian organization. It provides tools for user management, user security, data loss prevention, and threat detection. Whether you're looking to streamline user access or safeguard sensitive information, it supports your organization's security needs.

Atlassian Guard can help you:

Which plan is right for my organization?

Whether Atlassian Guard Standard or Atlassian Guard Premium is right for your organization will depend on your company’s security needs.

  • Atlassian Guard Standard (formerly known as Atlassian Access) provides capabilities such as single sign-on, user provisioning, user API token management, data security controls, and more.

  • Atlassian Guard Premium is an add-on for Atlassian Guard Standard. It provides everything in Atlassian Guard Standard, and capabilities such as data classification, sensitive data detection, threat detection, and extended audit logs.

Not every Atlassian Guard capability applies to all products. See Atlassian Guard product and plan availability.

How to subscribe

Before you can subscribe to Atlassian Guard, you need to verify your domain and claim its accounts. The Atlassian accounts you claim will become managed by your organization. How to verify a domain for your organization

Subscribe to Atlassian Guard

To subscribe to Atlassian Guard:

  1. Go to admin.atlassian.com. Select your organization if you have more than one.

  2. If you have not already done so, verify your domain and claim accounts.

  3. Select Security.

  4. Select Start 30-day free trial and follow the prompts to start your trial.

Get a billing estimate

Atlassian Guard is billed differently compared to your existing product subscriptions. To get a billing estimate check out our pricing calculator page.

To understand who counts towards your bill, see:

Protect your organization’s users

The following capabilities help you secure and manage your organization’s users.

Provision users from your identity provider

User provisioning integrates your identity provider with your Atlassian cloud products. You can use the identity provider of your choice, but some capabilities are only available with selected identity providers.

With user provisioning, you can:

  • Automatically update the users and groups in your Atlassian organization when you make updates in your identity provider.

  • Deactivate a user in your identity provider and that user will automatically be deactivated and no longer have access to your Atlassian organization, giving you more security and better control over your bill.

Understand user provisioning

Provide single sign-on

Set up single sign-on (SSO) to allow your users to authenticate through your company’s identity provider when accessing Atlassian cloud products. You can use the identity provider of your choice, but some capabilities are only available with selected identity providers.

As well as the convenience of allowing users to authenticate with one set of login credentials and access multiple products during their session, single sign-on provides these benefits:

  • Apply authentication settings from your identity provider when users log in.

  • Automatically create an Atlassian account when users log in for the first time (if self signup is enabled).

If you use Jira Service Management, you can connect an identity provider and enable single sign-on for your help center.

How to configure SAML single sign-on for users

How to configure single sign-on for portal-only customers

Require users to log in with two-step verification

You can enforce two-step verification for all your managed accounts.

Two-step verification adds a second login step when managed accounts log in to Atlassian by requiring them to enter a 6-digit code in addition to their password. The second step helps keep their account secure even if the password is compromised, keeping your content and resources safer.

How to enforce two-step verification

Control authentication methods for managed accounts

You can use authentication policies to control how managed users in certain cohorts can authenticate and use products in your organization. This has a number of benefits:

  • Prevent managed users from logging in with a third-party account.

  • Enforce password and idle session duration requirements for managed accounts.

  • Control whether managed users can create and use API tokens.

Understand authentication policies

Control authentication methods for external users

The external user policy allows you to control how users you don’t manage can authenticate and use products in your organization. You can:

  • Require single sign-on or one time passcode for an account you don’t manage.

  • Require external users to verify their identity more frequently.

  • Control whether people with external accounts can create and use API tokens.

What is external user security?

Manage user API tokens

API tokens are used to perform authenticated operations with product APIs. Users create API tokens in their account profile. You can:

  • View tokens owned by users managed by your organization.

  • Revoke API tokens.

How to view and revoke user API tokens

Protect your organization’s data

Protect your organization’s valuable data with a solid data loss prevention and data use strategy.

Classify data

Data classification is the process of labelling information. It serves as the foundation of a data governance strategy in many organizations, particularly those that need to comply with government or other regulatory rules. Once you create classification levels in your organization:

  • Space and project admins can set default classification levels for individual spaces and projects.

  • Users can classify individual pages and issues.

  • Organization admins can created data security policies based on classification levels.

What is data classification?

Reduce the risk of data loss

Loss of sensitive company data can be disastrous for an organization. Some Confluence and Jira features, such as export, public links, and public access, are designed to aid collaboration. However, these features can introduce risk when handling confidential, commercially sensitive, or otherwise mission-critical content. Data security policies help you:

  • Govern how users, apps, and people outside your organization can interact with data such as Confluence pages and Jira issues.

  • Reduce the risk of data leaving products by preventing export, public links, anonymous access, and more.

What is a data security policy?

Block third-party apps from accessing certain data

Marketplace apps extend what your Atlassian products can do and are an important part of many organizations' ways of working. By default, these third-party apps can access user-generated content such as Confluence pages and Jira issues from the product where they’re installed.

Allowing third-party apps to access your organization’s most sensitive user-generated content may not be appropriate for your organization or industry. You can create a data security policy to block apps from accessing certain data in selected spaces and projects.

How to block app access to data

Detect and respond to threats

Whether it’s a malicious user, compromised account, or a genuine user mistake, identifying and investigating a potential threat early will help your security team resolve issues before they become major incidents.

Detect and investigate suspicious user activity

Guard Detect listens for certain types of user activity and generates an alert when the criteria is met. This could include authorization and access events, data exfiltration events, unusual user activity, and product and integration configuration changes across Atlassian Administration, Jira, Confluence, and Bitbucket.

Alerts are designed to give your admin or security professional all the information they need to quickly and thoroughly investigate the alert, and remediate if necessary.

What activity is detected?

Detect sensitive data

When work happens in Confluence and Jira, there’s always a chance someone includes data that shouldn’t be stored in your Atlassian Cloud products, such as credit card numbers, API tokens, or social security numbers. This sensitive data can pose a risk to your organization, especially in certain regulated industries.

  • Get an alert when common types of sensitive data including credentials, financial information, and identity data is added to Confluence pages or Jira issues.

  • Create custom detections to generate alerts when terms, phrases, and patterns that are sensitive to your organization, such as project codenames are added to Confluence pages or Jira issues.

  • Exclude selected pages or issues to reduce the number of false positive alerts.

What sensitive data is detected?

Monitor your organization

Atlassian Guard helps you see trends in your organization and gives you more granular tools for tracking and managing activity.

Organization insights

Organization insights provide data for user and product activity across your organization. For example, you can see the proportion of accounts that are logging in with single sign-on or two-step verification, view charts of user activity and mobile app access, and more.

These insights help you make decisions about your organization’s footprint and inform authentication and other security policies.

About organization insights

View audit log activity for your organization

While individual products have an audit log to track activity that happens within that product, the organization audit log is used to track organization admin activity, product admin activity, and user-created activity that happens across your organization. It provides deeper insights into what admins and users are doing across your organization. The organization audit log allows you to track:

  • Organization admin activities such as changes to product access, policy configuration, and other settings.

  • Certain types of activity performed by users, such as page and issue creation.

What activities does the audit log include?

Send audit logs to the tool of your choice

Most organizations have a wide range of software to manage and monitor their IT footprint. You can use webhooks to stream audit log events from your organization to the tool of your choice. This is useful if you have multiple organizations, want to manage all your logs in one place, or have certain retention requirements.

How to send audit log events to a third-party tool

Still need help?

The Atlassian Community is here for you.
Ask the Community
On this pageWhich plan is right for my organization?How to subscribeSubscribe to Atlassian GuardGet a billing estimateProtect your organization’s usersProvision users from your identity providerProvide single sign-on Require users to log in with two-step verificationControl authentication methods for managed accounts Control authentication methods for external users Manage user API tokensProtect your organization’s dataClassify dataReduce the risk of data lossBlock third-party apps from accessing certain dataDetect and respond to threatsDetect and investigate suspicious user activityDetect sensitive dataMonitor your organizationOrganization insightsView audit log activity for your organizationSend audit logs to the tool of your choice
CommunityQuestions, discussions, and articles