I run a support desk on JSM for customers of our software package. They raised support tickets with us via a subdomain, https://support.ourdomain.com/.
We have taken on a new customer that is in a different time zone than us, so we have enlisted a third party support company to look after support for that specific customer. They will be using our Jira instance to handle this.
I want to isolate those users so they're only able to see tickets/info related to the customer they look after, and not see details of other customers on our support portal.
What is the best way to do this? From my reading, it seems there are two approaches:
1) Create a separate JSM instance specifically for that customer, and then just give our 3rd party support agents access to that project.
2) Using issue security and setting security principles up to restrict their view.
I'm wondering what is considered best practice in terms of JSM? It seems both options have pros and cons. At the moment I'm leaning towards option 1, creating a separate instance, however I'd rather make sure that I'm not being short sighted with my approach.
Thank you.
Hi @Gareth Jones!
This is a great question — and a challenge many teams run into when expanding support coverage across time zones or working with external vendors.
From setups I’ve seen, both options you mentioned are commonly used:
– Creating a separate JSM instance for full isolation
– Keeping everything in one instance, using issue security and role-based access
Which route is better often depends on whether your priority is strict data separation, or centralized management and reporting.
In one case we worked on, a client had a very similar situation — they needed to give a third-party support provider limited access to specific tickets only, while keeping other customer data off-limits. On top of that, they wanted smoother collaboration between teams — ideally right inside Jira, without relying solely on comments or email.
To support this, a new feature was added in Tick that enables an interactive mode in the JSM portal. When enabled, it allows end users or selected agents to check off steps, suggest additions (if permitted), and follow progress in real time — all within the portal.
Agents still stay in control — they decide when this is allowed, and can disable it at any time.
This approach didn’t replace issue security, but provided an extra layer of visibility and task-level collaboration — especially useful when multiple teams work on a single request.
Happy to share more if relevant — and would love to hear how others have handled similar setups!
Best practice is to use an work item security scheme, there is no need for 3rd party solutions.
A separate portal can be useful, but if you use the same request types, its a lot of work to keep everything in sync.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.