Can I require a password for anonymous users?

I'm currently evaluating Confluence. I've been playing with it for a couple of days and I love what I've seen so far.

I'm testing Confluence on a personal laptop just using localhost, but my understanding is that a "real installation" is always going to have a public address available from any computer. Is that correct?

We would be using Confluence for internal use only, and there are only a handful of people (probably 4) who would ever need to edit the information. However, there are other people who need to read the information.

Is it possible to only set up user accounts for the people who need to edit, but still allow others within the organization to view the files anonymously - without the files being available to the general public?

Basically, I'm asking if you can password protect Confluence as a whole without always requiring a user to log in.

We're a small team, and honestly the team is unlikely to grow past the 10 user mark in the near future, but thinking ahead I'd like to know what is possible. I'm hovering just below 10 possible users right now, and the cost jump between 10-11 users is rather substantial (getting anywhere near 25 users is extremely unlikely)

Thanks.

3 answers

1 accepted

1 vote

The crux of this is "no", because for security, you need to know who someone is, which means they need to log in before you can work out what you can or can't let them do. Anonymous access, by definition, means "anyone can do this without identifying themselves". Your statement "protect something without requiring a login" is a self-contradicting concept - the very fact someone has to enter a password means they're logging in (even if you bypass any need for an actual user name)

One really simple way around this would be to have a dummy user called "readme" or something like that, and you give the username/password to everyone you want to have "anonymous" access. The account wouldn't have write access to anything.

However, a better solution might be to use your network to simply block access from outside your corporate network, and allow full anonymous access (again, read-only)

No, an 'account' that you can login with takes a seat, you cant authenticate anonymously in Confluence.

You could achive the same ends by putting Confluence inside a basic-auth protected area and require everyone to key a user/password in order to access the system, actual users of Confluence would then need to enter a separate id/pass to becode editors, may be ok for a small number of users.

- http://httpd.apache.org/docs/current/howto/auth.html

There is a plugin called 'Security and Encryption'. Give it a try to see if that is what you need.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

387 views 21 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you