Hello,
I´m installing an integrated solution with jira service desk and confluence for an enterprise.
We work with a few diferent companys and need to give support for all of them.
We plan to have one project of jira for every company with an asociated confluence space.
We are dealing with a few security obstacles.
-We would like not publishing our confluece space on internet but want our clients to have access to their space via jira. We want to have our private resources on a diferent space of confluence and we consider it's insecure to publish it.
It´s some way to do this?
There is some kid of two factor authentication?
We need to ensure our private information.
Our servers are behind a SSL reverse proxy.
Which is the best aproach to this kind of instalation?
Thank you in advance.
Regards.
You really should start with a conversation with your Infosec team to see what they will require. Fundamentally, you will be giving your Jira and Confluence instances direct internet access. The Application security can ensure that users can see only the content they are supposed to, but not all Infosec teams are comfortable with relying on application security. Then there is the concern about application vulnerabilities and the ability for hackers on the internet to have the ability to exploit them.
This is an issue that many companies are facing. Here is what we commonly see with clients the we work with. I'd expect one of these will apply to your company as well.
We typically work with Infosec at our clients to give them all the information possible. This can help them make an informed decision. Often times, the initial response is based on ignorance of the tools capability, and once they understand how application security works and what the risks are, you might be able to do #2 above.
Hello,
Thanks for the fast reply, probably we will implement some 2FA.
I'm now struggling with what I think, is a strange behaviour.
I have now two confluence spaces, configured for two diferent clients (enterprises).
The clients of this enterprises will be unlicensed users, maybe its so simple, but I can't achieve the clients of one enterprise to see only that one space but not the other one.
Tried to create user groups or give them individual permissions but anything seems to restrict the access. Unlicensed clients stay like they are all the same.
There is some way to manage clients from jira not having web access but seeing the articles from the jira space? Or only having access to their space?
I'm adding the clients on confluence and jira, don't manage them from jira.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It's not strange behavior. It's expected behavior. Granting "Anonymous" access (you are referring to this as "unlicensed users") means anonymous. Anyone and everyone can see that Space. In order to do what you are proposing, you will need to have your clients log in, and therefore consume a license. There is no other option.
Jira Service Desk has the concept of "agent" users and "customer" users. Customers have free access. When you connect a Jira Service Desk Space to a Confluence Knowledgebase, customers can see the knowledge articles that come from Confluence in Jira Service Desk with their free license. That might be a workable solution for you, given that it sounds like these client users will also be using Jira. Atlassian has a video demo that you can watch to see how this might work for you. I hope that helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
They are not anonymous users, are the customers from jira, and they can access other customers knowledge base.
I mean, if I sign on on confluence, with a customer user, I can access every customer knowledge base.
This is the configuration on two knowledge bases of two clients.
Because this configuration every customer can see the two knowledge bases instead of their project one. (knowing the url)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Got it. The issue is likely with your Space permissions. I would recommend managing permissions as follows.
Doing this will allow the customers to log in to Confluence only. They will not see any Spaces or content.
Then:
This will cause the customer to only see a single Space when they log in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.