• Documentation

What is external user security?

People in your organization work with external users beyond your administrative control. For example, these people can be from outside your company or from different departments inside your company.

As an admin, you manage the tension between how to:

  • Give external users access to encourage collaboration with your employees

  • Prevent unwanted access to your data

External user security helps you protect data in your organization. You can require an extra step of security when external users try to access your organization’s data.

This is an example of how external user security works:

Steps that shows log in and verify identity
  1. User logs in to Atlassian to access Confluence in Bancly Inc.

  2. User clicks on Jira ticket from Acme Global but needs to verify their identity to view the ticket

  3. User verifies their identity with a one-time passcode

  4. User views Jira ticket in Acme Global

Who can do this?
Role: Organization admin
Plan: Atlassian Guard Standard

Limitations of external user security

External user settings don't apply in some cases. We won't verify the identity of external users when they:

  • View in-product notifications

  • View data through an app link

More about app links

External user access to Atlassian products

External user security settings apply to all the external users in your Atlassian organization that use these products:

  • Confluence (includes Confluence guests) More about Confluence guests

  • Jira Product Discovery

  • Jira Software

  • Jira Service Management (JSM) (Atlassian accounts only)

  • Jira Work Management

Make sure external users with an Atlassian account can access JSM help

When you enable single sign-on, you must sync external users from your identity provider so they are not blocked from accessing the help portal.

External user access to public content

An organization may make content available anonymously to users which means it’s public content. When you apply external user security to the organization, an external user may not be able to view the public content anonymously.

For instance, a user is not logged into an Atlassian account when they view content anonymously in an organization. If the user logs in, they can’t view the content because they are no longer anonymous. They are now an external user and must verify their identity to view content in the organization.

Additionally, we block external users from:

  • Viewing your organization's product data through mobile push notifications

Still need help?

The Atlassian Community is here for you.