I have Confluence configured to use JIRA as it's user repository.
Observation: All users in the JIRA repository appear to be allowed to log in to Confluence, though they don't have rights to see anything by default.
Desire: I would like to prevent anyone not explicitly granted login permission from logging in. Is this possible?
Yes. Go to global permissions in both JIRA and Confluence and look at the "can use" permission - that determines what groups can log into each of them.
I suspect you will find it names "jira-users" in both - you'll want to remove that from confluence and replace it with a group such as "confluence users"
I'm not seeing what you describe. In Jira I have these relevant groups configured: jira-users (3 users), jira-administrators (1 user), confluence-users (0 users), and confluence-administrators (0 users). In Confluence I have one user ("admin") assigned to the confluence-administrators and confluence-users group. Looking at the global permissions page in Confluence, only the confluence-administrators and confluence-users groups have "can use" checked. Individual users and anonymous users are not given access. However, any user in the Jira directory is being allowed to log in to Confluence. They see a page that says "You are not permitted to perform this operation.", though they ARE logged in. I'm concerned that this will waste one of my user licenses in Confluence.
The login date is not that important, and it happens even when you don't have access. If you try to log in (and that can be from an addon or linked page), if it finds you in the directory, it's a login, even if it then goes on to say "ah, but you can't actually use me". Bit of a pain to be honest. The thing to check is the number of active users in each system - if you look at the system info page it should tell you how many *active* users you have. When you're counting these, bear in mind the rules: - It *is* "this user can log in" - It de-duplicates accounts - if you are in three groups that allow login for some reason, then you will only count once - Inactive users can be flagged in the user maintenance, but still appear in the login groups - "can use" is the most important permission, but *admin* users can always log in too, and hence they always count. Even if they don't exist in the users group, they can log in. I would expect your JIRA to show 3 users (I am assuming that your admin is in both jira-administrators and jira-users) and Confluence to show just 1.
Yea, I confirmed the license usage is being reported as I'd want it to be, so that's good. I just don't really like being able to log in when you can't really use the system. No access should literally mean no access.
I attended Atlassian Summit 2019 and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events