Atlassian Access is now Atlassian Guard.

Getting started with Guard

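Introduction

In this setup guide, we walk you through the steps for setting up an Atlassian Guard trial. The guide includes steps that follow our best-practice recommendations, but given your organization's unique needs, some of these controls may not be essential.


Getting started

Start protecting your business with the following three steps to gain insight into your organization and effectively manage user access.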

Manage how users log in with authentication policies

A strong authentication policy helps reduce the risk of compromised accounts accessing your data. Since teams and users can access a variety of tools and information, you can apply different requirements to different sets of users.

Authentication policy capabilities include:

  • Enforce two-step verification or single sign-on
  • Create different authentication policies for different cohorts of users
  • Create an authentication policy for external users
  • Get alerts when authentication policies are changed (Premium only)

Automatically provision users

Avoid manual, error-prone processes by connecting to your existing identity provider to automate user provisioning. By specifying a SCIM schema, you can automatically create accounts and update group memberships, providing your users with the right product access for their role or business unit. By automatically removing users when they leave your organization, you avoid paying for users who no longer need access.

User provisioning capabilities include:

  • Connect an identity provider and automatically provision users
  • Automatically sync new users, remove old users, and update group memberships for existing users

Control user API tokens

User API tokens are used to perform actions using the API. They are tied to individual users, and if compromised, they can present a huge risk to your organization. As an admin, you can gain control and visibility into the user API token lifecycle with Guard.

API token control capabilities include:

  • Revoke API tokens so they can no longer be used
  • Get alerts when tokens are created or revoked (Premium only)

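Organization and domain verification

How does domain verification work?

Suppose your company is called Acme Inc. and owns the domains "acme.com" and "acme.co.uk".

After you set up your organization, you can verify ownership of these domains on the Directory > Domains page in the organization view. You can either upload an HTML file to the root folder of the domain's website or copy a TXT record to your Domain Name System (DNS).

Once you have completed either step, you can click Verify. Atlassian Cloud users who created their accounts with email addresses on these domains, such as "jack@acme.com" and "jill@acme.co.uk", are now managed as part of your organization.

Be aware that after verifying a domain, you may start managing Atlassian accounts on sites and products that are not currently under your administration. For example, other teams or employees in your company may have signed up for Atlassian Cloud products that were previously outside your remit. Before verifying a domain, we recommend checking with other site admins or teams in your company that use Atlassian Cloud products so they are aware of the upcoming change.

After an organization admin verifies a domain, Atlassian users with email addresses on that domain see a message in their profile settings telling them that their account is now managed by the organization.

You can go to your organization's Managed accounts page to edit the user details of individual accounts. If you apply security policies and subscribe to Atlassian Guard, users with managed accounts are subject to any policies you set.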

Use security policies to reduce the risk of data loss

Loss of sensitive company data can be disastrous for an organization. Jira and Confluence capabilities designed to aid collaboration, such as export, public links, and public access, can become a risk when handling confidential, commercially sensitive, or otherwise mission-critical user-generated content.

Data security and mobile app management (MAM) policies help you govern how users, apps, and people outside of your organization interact with content, such as Confluence pages and Jira issues, and reduce the risk of data leaving the applications you control.

Data security and mobile policy capabilities include:

  • Create data security policies to restrict actions like export, public links, and anonymous access
  • Use a mobile app policy to block screenshots, screen recording, downloads, and more
  • Apply data security policies to classified data (Premium only)

Classify your data based on sensitivity levels

Data classification is the process of labeling information. It serves as the foundation of a data governance strategy in many organizations, particularly those that need to comply with government or other regulatory requirements. By adding classification levels with Guard, your space and project admins can set a default level for their space or project, and users can classify individual pages and issues.

Data classification capabilities, exclusive to Guard Premium, include:

  • Manage organization-wide classification levels
  • Apply classification levels to Confluence and Jira content
  • Use data security policies to block actions like export, public links, and more for classified content
  • Get an alert when the classification level of content changes

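SAML single sign-on

What is SAML SSO?

SAML single sign-on (SSO) allows users to authenticate to Atlassian Cloud products through your company's existing identity provider. This means users can access multiple tools with the same set of credentials while using an authentication method that is more secure than a username and password alone.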

Gain insights into product usage and security practices

As an admin, you may struggle with resource allocation or security risk management due to limited visibility into how your teams are using Atlassian cloud products. Guard gives you visibility into your organization’s product usage, shadow IT, and users’ security posture, so you can make informed, data-driven decisions.

Capabilities that enhance visibility include:

  • Get insights into active users and authentication methods
  • View products created by managed users, administered outside of your organization

Access organization-wide audit logs

When it comes to diagnosing issues or answering questions around user activity in detail, you need to be able to access and examine that data easily. With audit logs in Guard, you can track key activities that occur within your Atlassian organization. Use these activities to diagnose problems or questions related to user details, product access, managed accounts, and organization settings.

Audit log capabilities include:

  • View audit logs for administrator activity, such as changes to user access
  • View audit logs for user-created activity (Premium only)
  • Track user API token usage (Premium only)
  • Use webhooks to send audit log events to a third-party tool (Premium only)

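Automated user provisioning with SCIM

What are user provisioning and deprovisioning?

With user provisioning and deprovisioning, access to Atlassian Cloud products is defined by rules you set in an external directory. Users are automatically onboarded or offboarded whenever they are added to or removed from the external directory. This user directory is usually provided as a service by a software vendor and is known as an identity provider. Atlassian Guard lets customers integrate their Atlassian Cloud products with an identity provider.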

Detect suspicious user activity

Get alerts when certain types of user activity are detected, such as authorization and access events, data exfiltration events, and product and integration configuration changes across Atlassian Administration, Jira, and Confluence.

With alerts, you have the information you and your security team need to thoroughly investigate the alert and remediate, if necessary.

Activity detection capabilities, exclusive to Guard Premium, include:

  • Get an alert when detection criteria are met
  • Send alerts to your existing SIEM or messaging tool
  • Exclude specific users to reduce the number of false positive alerts

Detect sensitive data and data misuse

When work happens in Confluence and Jira, there’s always a chance someone includes data that shouldn’t be stored in your Atlassian cloud products, such as credit card numbers, API tokens, or AWS access keys.

Get alerts when certain types of sensitive data are added to a page or issue, allowing your security team to investigate and remove the data if appropriate.

Content scanning capabilities, exclusive to Guard Premium, include:

  • Get alerts when common types of sensitive data are added
  • Create custom detections for terms, phrases, and patterns
  • Exclude selected pages or issues to reduce the number of false positive alerts
  • Integrate with your existing SIEM or other tools
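
How pattern-based detection of this kind can work, as an added example (not Atlassian's code and not Guard's detection logic): candidate card numbers are confirmed with the Luhn checksum to cut false positives, AWS access key IDs are matched by their known prefix and length, and excluded content is skipped. The function names, page IDs and sample text are constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# AWS access key IDs: 20 characters; long-term keys start with AKIA, temporary with ASIA.
AWS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out random digit runs such as order or ticket IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan(content_id: str, text: str, excluded: frozenset = frozenset()) -> list:
    """Return (content_id, kind, redacted_match) findings for one page or issue."""
    if content_id in excluded:  # excluded content produces no alerts
        return []
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_valid(digits):
            findings.append((content_id, "card_number", "*" * (len(digits) - 4) + digits[-4:]))
    for m in AWS_KEY_RE.finditer(text):
        key = m.group()
        findings.append((content_id, "aws_access_key_id", key[:4] + "*" * 12 + key[-4:]))
    return findings


# Constructed sample content. The card number is the standard Visa test number and
# the key is the placeholder value used in AWS documentation.
SAMPLE_PAGES = {
    "PAGE-1": "Customer paid with 4111 1111 1111 1111, see ticket 1234567890123456.",
    "PAGE-2": "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "PAGE-3": "Runbook for secret scanners, test value AKIAIOSFODNN7EXAMPLE",
}

if __name__ == "__main__":
    for cid, body in SAMPLE_PAGES.items():
        for finding in scan(cid, body, excluded=frozenset({"PAGE-3"})):
            print(finding)
```

Findings carry a redacted match rather than the raw value, so the alert forwarded to a SIEM does not itself become a second copy of the secret.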

Investigation and remediation

Investigation and remediation are critical steps in cybersecurity incident response. They involve identifying, analyzing, and understanding the nature and scope of a security incident, followed by taking any necessary actions to resolve the incident and mitigate its impact on the organization.

Respond to alerts

Security risks can go unnoticed, and they can escalate and cause significant harm to your organization if they are not promptly identified and addressed. As an admin or security professional, you can quickly identify risks and take immediate action to prevent further damage. By regularly investigating alerts, you can fine-tune security measures and policies for your organization.

Investigation capabilities, exclusive to Guard Premium, include:

  • Use suggested investigation steps to better understand the alert
  • View information about the actor, to help determine whether the activity is suspicious
  • See contextual data on the alert and the actor, such as an activity timeline panel

Remediation actions

When a security threat arises, a delayed response can increase the risk and impact of the threat. To help streamline your response, each alert has its own set of recommended remediation steps. These are provided to help your team act quickly to minimize the security impact of the potentially risky activity or data misuse.

Remediation capabilities, exclusive to Guard Premium, include:

  • Use suggested remediation steps to streamline your response
  • Take immediate steps to stop any further activity from happening, such as suspending the actor
  • Update policies and settings to strengthen enforcement
  • Automate common remediation actions, such as restricting the page or redacting data (coming soon)

Still need help?

Our team can answer all your questions about setting up Atlassian Guard and more.