Can I restrict login rights to specific users and groups in Confluence?

I have Confluence configured to use JIRA as it's user repository.

Observation: All users in the JIRA repository appear to be allowed to log in to Confluence, though they don't have rights to see anything by default.

Desire: I would like to prevent anyone not explicitly granted login permission from logging in. Is this possible?

1 answer

1 accepted

This widget could not be displayed.

Yes.  Go to global permissions in both JIRA and Confluence and look at the "can use" permission - that determines what groups can log into each of them.

I suspect you will find it names "jira-users" in both - you'll want to remove that from confluence and replace it with a group such as "confluence users"

 

I'm not seeing what you describe. In Jira I have these relevant groups configured: jira-users (3 users), jira-administrators (1 user), confluence-users (0 users), and confluence-administrators (0 users). In Confluence I have one user ("admin") assigned to the confluence-administrators and confluence-users group. Looking at the global permissions page in Confluence, only the confluence-administrators and confluence-users groups have "can use" checked. Individual users and anonymous users are not given access. However, any user in the Jira directory is being allowed to log in to Confluence. They see a page that says "You are not permitted to perform this operation.", though they ARE logged in. I'm concerned that this will waste one of my user licenses in Confluence.

If I look at the user who logged in I can see their Last Login date is just a few moments ago, even though they shouldn't have access to Confluence.

The login date is not that important, and it happens even when you don't have access. If you try to log in (and that can be from an addon or linked page), if it finds you in the directory, it's a login, even if it then goes on to say "ah, but you can't actually use me". Bit of a pain to be honest. The thing to check is the number of active users in each system - if you look at the system info page it should tell you how many *active* users you have. When you're counting these, bear in mind the rules: - It *is* "this user can log in" - It de-duplicates accounts - if you are in three groups that allow login for some reason, then you will only count once - Inactive users can be flagged in the user maintenance, but still appear in the login groups - "can use" is the most important permission, but *admin* users can always log in too, and hence they always count. Even if they don't exist in the users group, they can log in. I would expect your JIRA to show 3 users (I am assuming that your admin is in both jira-administrators and jira-users) and Confluence to show just 1.

Yea, I confirmed the license usage is being reported as I'd want it to be, so that's good. I just don't really like being able to log in when you can't really use the system. No access should literally mean no access.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 17, 2018 in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

582 views 7 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you