Detection Library
Written by Tygrr DosRemedios

This is a library of detections to familiarize yourself with each alert you may receive. Some detections have instructions on testing or checking your settings within the Admin hub (admin.atlassian.com).

A new Org Admin has been added or removed

Why is this important? Organization admins can perform these organization operations:

Manage accounts, meaning you can edit details and deactivate or delete accounts, among other things.

What to do next: Review the user account and the permissions granted.

An Admin API Key was created

Why might this be important: API tokens allow a user to authenticate with cloud apps and bypass two-step verification and SSO, and retrieve data from the instance through REST APIs. Token controls allow admins to view and revoke the use of API tokens by their managed accounts.

What to do next: Review the token created with the user to ensure it was intentional, or revoke it.

External account management - SCIM/G Suite/SAML sync has been enabled

Why might this be important: This allows administrators to integrate an external user directory with your Atlassian organization. Provisioning is available for all Atlassian accounts, which means that you can create, update, and deactivate accounts from your identity provider.

What to do next: Ensure that this external account management feature was enabled intentionally, or disable the syncing.

The authentication policy has been created, modified, or removed

Policy change: An IP allowlist has been created, modified, or deleted

Why might this be important: IP allowlists allow admins to restrict product access to specific IP ranges.

What you should do next: Review the policy to ensure it is configured correctly.

Policy change: A 2FA/MFA/2SV policy for a user or org changed

Why might this be important: Two-step verification protects your Atlassian account by requiring a second login step. That second step keeps accounts secure, even if the password is compromised.

What you should do next: Review the authentication policy page.

An application Tunnel has been created or deleted

What happened: An administrator created an Application Tunnel to your instance.

Why might this be important: An application tunnel allows you to connect your organization to a self-managed (Data Center or Server) instance. You can then link your cloud products to the target instance associated with each tunnel, without needing to open your network for any incoming connections.

A new verified domain has been added or removed

What happened: A new verified domain has been added or removed from your org.

Why might this be important: When you claim accounts under a verified domain, users with that domain see a notice in their profile that your organization manages their account.

Verify your company’s domain to prove that you own all user accounts with that domain. Your company’s domain is everything that comes after the @ symbol in the email addresses of your users’ accounts.

An Admin exported the Access audit log

What happened: The Atlassian Access audit log was exported to CSV.

Why might this be important: The audit log contains detailed information about your organization's users and their activity. Only org admins have access to the audit log.

An Admin has logged in as another user

What happened: An admin has logged in as another user.

Why might this be important: As a site admin, you can log in as another user to do things like set up their profile, ensure permissions are set correctly, and complete other configuration tasks. It's particularly useful when setting up new users, but you can also use it for troubleshooting existing user accounts.

Logging in as another user doesn't allow you to make updates to that user’s Atlassian Account profile. If their account is a managed account, only an organization admin can make updates to their profile.

A marketplace app has been installed

What happened: An app or integration from the Atlassian Marketplace was installed.

Why might this be important: Apps and integrations from the Atlassian Marketplace can be used to enhance cloud products.

An Organization Admin has reset their password

What happened: An org admin’s password has been reset.

Why might this be important: Organization admins can perform these organization operations:

Manage accounts, meaning you can edit details and deactivate or delete accounts, among other things.

Confluence Page Crawling

Why might this be important: Viewing a very high number of Confluence pages in a short period of time may be indicative of an automated bot or malicious user activity.

What you should do next: Check the audit log for activities that occur within your organization.

Jira Issue Crawling

Why this might be important: Viewing a very high number of Jira issues in a short period of time may be indicative of an automated bot or malicious user activity.

What you should do next: Check the audit log for activities that occur within your organization.
The audit log tracks key activities that occur within your organization. You can use these activities to diagnose problems with or questions about user details, group memberships, and product access. Read more about audit logging.
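The Confluence Page Crawling and Jira Issue Crawling detections above both reduce to the same check: one account viewing many objects in a short window. The following is an added example of that check (not Atlassian's code); the event format, the five-minute window, the 50-view threshold and the sample events are all constructed for illustration.

```python
"""Sliding-window burst detector for page/issue crawling.

Added example, not Atlassian's own code. Event tuples, thresholds and
sample data are constructed; in practice you would feed it audit log
exports or product view events from your own organization.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds: more than MAX_VIEWS views within WINDOW from one
# account raises an alert. Tune these to your organization's baseline.
WINDOW = timedelta(minutes=5)
MAX_VIEWS = {"confluence_page_view": 50, "jira_issue_view": 50}


def detect_crawling(events, window=WINDOW, limits=MAX_VIEWS):
    """Return one alert per (account, event type) whose view rate exceeds the limit.

    `events` is an iterable of (timestamp_iso, account, event_type, object_id)
    tuples sorted by time. A per-(account, type) deque holds the timestamps of
    views still inside the window; crossing the limit fires once per burst.
    """
    recent = defaultdict(deque)   # (account, type) -> timestamps in window
    alerted = set()
    alerts = []
    for ts, account, etype, obj in events:
        if etype not in limits:          # ignore event types we do not rate-limit
            continue
        now = datetime.fromisoformat(ts)
        key = (account, etype)
        q = recent[key]
        q.append(now)
        while q and now - q[0] > window:  # evict views older than the window
            q.popleft()
        if len(q) > limits[etype] and key not in alerted:
            alerted.add(key)
            alerts.append({"account": account, "event_type": etype,
                           "views": len(q), "window_start": q[0].isoformat(),
                           "last_object": obj})
    return alerts


def sample_events():
    """Constructed events: alice reads 60 Confluence pages in two minutes
    (crawling), bob reads 10 Jira issues spread over an hour (normal use)."""
    base = datetime(2024, 1, 15, 9, 0, 0)
    ev = [((base + timedelta(seconds=2 * i)).isoformat(), "alice@example.com",
           "confluence_page_view", f"page-{i}") for i in range(60)]
    ev += [((base + timedelta(minutes=6 * i)).isoformat(), "bob@example.com",
            "jira_issue_view", f"PROJ-{i}") for i in range(10)]
    return sorted(ev)
```

Running `detect_crawling(sample_events())` yields a single alert for alice at her 51st page view; bob's steady reading never fills the window.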
