The Ultimate Manual to Atlassian Access

With Atlassian Access, customers have a system to improve the security and management of all Atlassian products in use at the organization. Atlassian’s developers designed Access primarily for cloud users, helping them gain all of the benefits from migrating to the cloud while maintaining security protocols.

For an enterprise using or planning to use Atlassian products in the cloud, this guide shows the advantages and disadvantages of adding Atlassian Access.

What is Atlassian Access Anyway?

Atlassian Access provides enhanced security measures and user management for all Atlassian cloud products in use throughout an organization. There’s no need to put security together piecemeal, worry about shadow IT, or wonder whether one user’s security settings aren’t up to the enterprise’s standards.

All security settings and Atlassian software management occur from a centralized administrative area in Access, yielding the most consistent results.

Access Grows Alongside the Organization

A significant benefit of Access is its ability to scale its features along with any growth in the organization. Rather than adding security policies to each new user who comes on board, Access ensures the enforcement of all security policies across all users.

When choosing to add a new Atlassian cloud product to the organization’s suite, Access automatically covers it. When the group adds several new employees at once, Access scales to handle the extra workload. Its scalability allows an enterprise to take full advantage of the benefits of using cloud software.

Enhanced Support

Organizations that subscribe to Access automatically receive Premium level support from Atlassian. If the group only has a Standard plan with its Atlassian software products, the addition of an Access subscription automatically provides Premium level support.

Some advantages of the Premium Atlassian support level over the Standard tier include:

• Faster response: For the most serious issues, such as the application being down or a significant loss of performance, Atlassian support’s initial response time at the Premium level will be at least two to three times faster than at the Standard level.
• More hours: Standard support only works during local business hours, while Premium support is available around the clock for high-impact issues.

If your organization already subscribes to an Enterprise-level software license for Atlassian products, Access automatically gives Enterprise-level support.

Atlassian Products That Work With Access

Through the centralized administration available in Access, the administrative settings will migrate to all connected Atlassian products. The security policies and software features in Access will cover the following Atlassian cloud software products:

• Bitbucket
• Confluence
• Jira Service Management
• Jira Software
• Jira Work Management
• Statuspage
• Trello

How Atlassian Access Works

Organizations use Access to create connections among the Atlassian software products it’s using. Access allows businesses and organizations to make sure their user management settings match the organization’s security and compliance policies.

With Access, administrators can gain greater control over how users log in and what they can use for the login process, including SAML single sign-on (SSO) or two-factor authentication.

Additionally, Access simplifies the process of user provisioning. This means administrators can closely monitor the way accounts work, including creation, permission granting, changing permissions, and deleting and disabling old accounts.

Administrators receive visibility into the activities of members of the group through the audit logs that Access creates.

Stronger Login and User Behavior Tracking

With Access, the organization will have several options for controlling sign-on requirements for users, ensuring a greater level of security.

Administrators can set up SAML SSO to simplify the login process for users. Those organizations that use identity providers (or IdPs) will be able to use the Access single sign-on process efficiently and safely.

Additionally, Access creates reports that give administrators information about how the organization is operating. These reports can include audit logs about security issues and how the organization uses its Atlassian products.

How Can You Benefit From Using Atlassian Access?

Some of the ways different organizations can gain benefits from using Atlassian Access include:

• Extra security: Access provides an additional layer of security for the organization without bogging down the ability of team members to work and gain access to the tools they need.
• Saving time in administration: For administrators who feel they spend too much time handing permissions for users, Access allows you to set up universal permission rules for members of a particular team, saving time.
• Simplifying onboarding: When new hires come into the organization, they can begin working almost immediately, rather than spending the first few days trying to set up passwords and gain access to the software and tools they need.
• Simplifying removal of permissions: When employees leave the organization, the administrator can quickly change the user’s employment status to revoke all permissions and login credentials, enhancing the entire system’s security.
• Easier for Atlassian users: Those who already use Atlassian software products will have a far easier time gaining access to their tools without needing to remember several passwords.
• Generate tracking data: Access gives the organization the ability to track how members of the group are using various Atlassian products, making team members more efficient and helping administrators determine where bottlenecks are occurring.

Example #1: User Provisioning

When using Atlassian Access, administrators will have a set of protocols in place for onboarding and removing users. For organizations that already subscribe to an identity provider service, Access will integrate with the IdP to greatly simplify adding and removing users.

With Access and its integration with the identity provider, adding users who join the organization or who become part of a new team within the organization becomes a streamlined process.

Perhaps more importantly, Access automatically removes access to users as they change jobs at the company or leave the company. This feature reduces the possibility of suffering data breaches or having a disgruntled employee steal data after leaving the company while waiting for the software permission settings to catch up to the employee’s revoked status.

The administrator sets up the parameters of these user provisioning and de-provisioning features inside Access. The automated process happens based on these parameters.

Saving Time With Onboarding

Access can integrate with the Atlassian cloud products the organization uses. This simplifies onboarding.

When a new employee joins a particular team in the organization, the administrator can set up Access to automate access to all software apps required to perform the new employee’s job duties.

Within Access, simply add new employees to the groups of which they will be members. Based on the administrative settings for each group within Access, a new user automatically will receive access to all of the Atlassian software products needed for each group and member.

Should the employee move to a new team later, the administrator can move the user to the new team within Access. The software then automatically adds access to the new software products the employee needs while revoking privileges to any products no longer needed.

Example #2: Sign-on Through Identity Providers

With SAML single sign-on, an organization starting to use Access can use the identity provider services they’re already using, thanks to the integrations that Access supports.

The SAML SSO process with an IdP gives users an easier means of accessing all of their Atlassian software through a single set of credentials and one sign-on process. SAML SSO also simplifies things for the administrator, as the administrator can set up security controls for verifying user identities through a single setting within Access.

Making Use of an Identity Provider

The most popular IdPs that will work with Access include:

• Okta
• CyberArk (formerly Idaptive)
• OneLogin
• Google Cloud Identity
• Azure AD

The identity provider is a service that allows organizations to store and manage their digital identities. They help organizations maintain high levels of security while giving team members the access they need to be as productive as possible. With the IdP, the user’s identity is secure, which protects organizations against the possibility of stolen passwords or credentials.

Example #3: Enforcing Two-Step Verification

For organizations that do not use IdPs, Access also supports the process of setting up two-step verification for all users. With two-step verification (also called two-factor authentication or 2FA), users must first enter a password.

Once that’s successful, the login software will then ask the user to enter a second item, such as a passcode. The software will send the passcode directly to the user’s smartphone via text message or email address.

The two-step verification works to protect the company in case one user suffers a stolen password. The hacker with the password cannot access the account without access to the user’s phone or email account.

With Access, the administrator can force users to use two-step verification rather than making it optional. The two-step process can feel like a bit of a hassle to users in the organization, but it’s necessary to deliver the highest level of security when an IdP is not in use.

Setting Up Two-Step Verification

For users in the organization using Atlassian tools where two-step verification is not yet in use, the process becomes automatic under Access.

Once Access is set up and running, current users will need to log out of the account and provide information on a second means of identification before attempting to log back into the account. Two-step verification will begin immediately.

Any new users joining after Access is up and running must set up the second means of identification at the initial setup.

Example #4: Generating an Audit Log

For organizations that need to track all administrative activity that occurs within the Atlassian cloud software packages in use, Access will create audit logs that generate comprehensive tracking capabilities.

Access provides the ability to filter items entered into the audit log, making it easier to find a specific item in the log. Administrators also can export the audit log into a .csv file for convenience.

Administrators can use the audit log for several items, including:

• Tracking loss of data: Should the organization suffer a data breach, the log will show which administrators made use of which segments of Access. This information may show the location of the breach and any suspicious activity occurring in the organization.
• Controlling access: The audit log within Access will provide insight into which users should have access to which information within the Atlassian software tools. Should the log show that someone gained access to documents inadvertently, this could be a sign of a data breach or a permissions issue that needs fixing.
• Troubleshooting: Through the audit log, administrators can see which users were accessing certain areas of the Atlassian software before a crash or another issue. This information can help avoid similar problems in the future or find oddities in the system.

How to Get Started With Atlassian Access

When the organization decides to begin using Atlassian Access, just follow a few simple steps to be up and running.

Verify the Organization’s Domains

Administrators need to complete a few preliminary steps before subscribing to Access. These steps will ensure the organization’s settings in its Atlassian software products are ready to work inside the Access architecture.

First, the organization will need to verify which of its domains it will use with Access. Verification of domains also tells Access which email addresses and user accounts to link to that domain. (The domain is the portion of the email address that follows the @ sign.)

Go to the organization’s administrative page in one of its Atlassian software accounts and click on Verify Your Domains. Follow the prompts to perform the verification process.

After verifying the domain, Access gives the administrator control over the Atlassian accounts associated with the domain. This is the key to making universal security changes or managing user accounts within the organization.

Subscribe to Access

To add Access to the group’s Atlassian cloud software subscriptions, open the Atlassian Access home page. Click the Get Started button in the upper right.

After choosing your organization on the next screen, follow the prompts to begin using Access. A 30-day free trial option is available before needing to switch over to the pay subscription.

Pricing for Access depends on the number of unique users on the organization’s account.

• Up to 10 users: Flat fee of $30 per month for up to 10 users
• Up to 250 users: $3 per user per month for up to 250 users
• Up to 1,000 users: $3 per user per month for the first 250 users and $2 per user per month for the following 750 users
• More than 1,000 users: $3 per user per month for the first 250 users, $2 per user per month for the following 750 users, and $1 per user per month for each user beyond 1,000

The pricing tiers are a little confusing. Atlassian simplifies coming up with a pricing estimate for Access through its Access pricing calculator webpage.

Begin Using Access

After subscribing, the administrator can begin setting up security policies for the user base. For many organizations, the first step will be to control user sign-on policies.

Should the organization use an identity provider, the administrator can allow a SAML SSO process for users.

For those who don’t use an IdP, Access allows the administrator to require a two-step verification process for sign-on.