- Sunnie Ho
- Head of Global Cash Operations, Atlassian
- Tom Alford
- Deputy Editor, Treasury Management International
How Atlassian’s Treasury is Optimising Portal Access Management
The treasury team of the global software company building AI-powered team collaboration tools, Atlassian, oversees user access management across multiple online portals for its banks and payment providers. Sunnie Ho, the firm’s Head of Global Cash Operations, reveals how an in-house build is empowering internal stakeholders with appropriate and timely permissions.
With recent major acquisitions and strong organic growth, Atlassian’s user base for online banking and payments portals had swiftly risen to more than 300. However, its existing access request process was fragmented and spanned multiple communication channels, including email and internal messages. Lack of centralisation inevitably led to accountability and auditability gaps, and significant inefficiencies in reviewing and approving access requests. With the resulting delays and frequent repeat inquiries, this was an unnecessary risk calling out for a robust solution.
Indeed, the treasury team perfectly understood the critical need for a more systematic and streamlined approach. The solution would have to enable easier access provisioning and deactivation procedures for Atlassian’s banking and payments portals and a number of connected treasury tools.
Achieving this goal quickly demanded flexibility in workflow design and cross-platform integration capabilities, recalls Ho. With the treasury team open to collaboration with the internal IT team, it was decided that an in-house build would be the most effective way to deliver what she refers to as “a systematic workflow for user access management of treasury-managed tools”.
Extra motivation for getting this project underway came when Atlassian undertook a peer benchmarking exercise. “We could see that others were struggling with the same access management issues, and that increased treasury automation and future scalability really would be boosted by more efficient workflows.”
Keeping it in-house
The reason for keeping the project in-house was simple. Having considered the available external options, it was soon realised that, without extensive customisation, there was nothing on the market capable of immediately serving the broad sweep of process requirements exhibited by Atlassian’s multiple banking, payment and other treasury tools.
“Obviously we’re familiar with all of our own internal tools and processes, so we soon grasped that the best option was to pull together a team to design and build our own solution,” recalls Ho.
Fortunately, Atlassian is a software company benefiting from its own finance technology team. This unit, Ho explains, acts as a bridge between the business and engineering teams. “They are familiar with our internal business processes, but they also have knowledge of the technologies we create as a business, and how these could be adapted to suit our own needs.”
Following discussions with the internal tech team, Atlassian's flagship work management app, Jira, seemed to stand out as a good project fit. Jira provides a shared platform for every team to align on goals and priorities, track and collaborate on work, and gain the insights they need to “build something incredible” together.
Tackling all touchpoints
“We had to map it out for each individual online banking and payments portal, and each tool that we manage, and then explore and share with the team the workflows that we wanted to design and build,” says Ho.
The initial discussions around the use of Jira had served to formalise the project. Timelines were then set, with user-feedback-driven iterations planned to give a multi-phase approach to building out workflows. Progress was to be defined by agreed milestones.
The practical project focused first on selecting the tools to be incorporated. All required customisations then had to be mapped. It was decided to kick off with the integration of Atlassian’s global principal banking partners, where the number of users was greatest. This was followed by the integration of all other touchpoints.
It was realised too that if the system was connected to the company directory, when an employee left, it could generate notifications and streamline the removal of their access rights. While the granting and removal of access rights were at the heart of this project for Atlassian, making the company directory connection also served to create a centralised audit of all grants and removals of access. As a public company, significantly easier reporting of all documented activities, via the workflow dashboard, was an added bonus.
Standard challenges
As with every project, there were a few minor bumps in the road, notes Ho. “When we started planning for this, one thing we didn’t consider straight away was that we would need to redefine access-granting along role-based lines,” she says.
Previously, the process was slow but had a degree of flexibility. Now, where nuances existed with access requests, for example, because they related to slight differences in access, even if permissions were sought from within the same team, it would be a challenge to build workflows to accommodate individual requests. But standardisation was essential to achieve scalability.
“Before we finalised the mapping, we had to talk to all of our business users with access to treasury tools,” says Ho. “And then, based on our understanding of each role, we had to work out with our engineers how to define every access need, and then secure each business function’s sign-off.”
All under control
Having achieved the necessary customisations for each platform and having centralised and automated all user asset management with real‑time status updates and logged actions, the business is now under full control where once risk increased as it expanded.
“Our implementation of automated request creation to deactivate invalid users has also resulted in substantial time savings,” states Ho. “By eliminating the need for weekly manual reconciliations between the user list and employee status records, we’re saving more than 150 hours annually.”
While the core functionality is up and running, there are additional features in the pipeline. “We’re now looking at adopting APIs to further automate access granting,” Ho reveals. “Our fintech partners love the idea, but we’re seeing a little more pushback from some of our banking partners, mainly for compliance reasons.”
Another opportunity seen on the horizon is with AI. “We’re always looking for opportunities to continuously improve this system,” says Ho. “Based on each role, we’re now exploring how AI can learn user roles and make recommendations for their access requests. We occasionally see mismatches here, so we’re figuring out if and how AI could help with response standardisation.”
Key aspects of the Atlassian solution using Jira:
- Centralised workflows: All users now follow a standardised process by submitting access requests via pre-defined roles. These requests undergo a structured review and approval sequence involving line managers, treasury managers, and portal administrators, ensuring adherence to established procedures.
- Customised workflows: Tailored execution steps are designed based on the specific entitlements and limitations within each bank and payment service provider’s portal. For instance, in dual-admin scenarios, the access request workflow requires two admin actions to complete.
- Automated request creation: The tool seamlessly integrates with the company directory and monitors employee status changes. When an employee’s status becomes unknown (due to departure, for example), an automatic access removal request is triggered to immediately deactivate the user.
- Real-time status updates: The dashboard provides a dynamic, instantaneous snapshot of all access request statuses. This centralised view ensures transparency and timely awareness. Progress can be tracked, bottlenecks identified, and actions taken to resolve issues or escalate them swiftly.
- Comprehensive audit trail: Each access request leaves a detailed trail of actions taken. From initial review to final execution, a record is made of every team member involved, along with precise timestamps. This audit trail not only enhances accountability but also facilitates compliance checks.
Taking the lead
“Part of the reason we were able to make this project successful is through partnership with the various teams across the business,” says Ho. “But it was vital for us to identify early on who the experts were in the areas that we were trying to make changes and process improvements.”
It was also apparent at an early stage that leveraging the existing tools would help immensely in terms of project timelines. As Ho comments: “When you adopt a new third-party system, there are processes such as system and vendor validation and familiarisation that will take additional time”.
Rather than persisting with non-standardised workarounds, the Atlassian treasury team took the lead on modernisation. In doing so, it has created a solution that establishes a unified, compliant, and scalable workflow, greatly benefiting its users and the wider company.
Indeed, given the rapid growth of the business and the pressure on its small treasury team to manage the risks inherent within user access management, this workflow solution is a prime example of how technology, teamwork, and tenacity can flow together for the benefit of all.
