It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

External access to Confluence page, security

Dear Atlassian,

 

I am currently exploring the potential of Jira/Confluence for the company I work for. 

My company is an accountancy firm that requires clients to send in sensitive documents.

This means that we want to give (external) clients access to a safe environment in which they can drop their information (possibly via Multi-Factor Authorisation). The demo on Confluence on youtube claimed that folders can be made public, but will then be indexed by google and will be publicly accessible by anyone, this, of course, would be a major security hazard for our company and our clients.

Is it possible to create safe folders in which clients can drop their documents, possibly via an anonymous invitation link, or by adding them into the system as users? (would the latter count towards the Confluence/Jira license user count?)

I am asking the above in regards to both general IT-security and privacy, but also with regards to the EU GDPR, and accountancy compliance regulations.

 

Thank you for your time,

 

With kind regards,

 

Maurice

2 answers

2 accepted

1 vote
Answer accepted
Petr_Vaníček Community Leader May 02, 2019

Hi,

I could recommend to you look at those documentation pages.

https://confluence.atlassian.com/doc/space-permissions-overview-139521.html

https://confluence.atlassian.com/doc/page-restrictions-139414.html

You can set many variants of permission configurations based on your use case and what do you need.

Your "folders" are Spaces in Confluence terminology as what I expect. So for example you can use it with Space per customer/company or (what is maybe better, but you must be little bit more beware with configuration) you can use one Space for all customers/companies where based on tree structure you can restrict view/edit to any branch of tree to group of people from your customer. That's just idea and common use-case.

Regarding license - yes, it will count in your license user tier as it's non-public instance.

Hope it helps you and if you will have any question just let me know.

I would also consider if clients would be allowed access to each others' pages/documents. 

In our firm (global accounting firm) we maintain secure and separate instances of Confluence/Jira and tightly control both internal and external access when the spaces or projects need to be client accessible.  We also have internal-only instances, again the access to which is tightly controlled.  One of our golden rules is one client per external instance, meaning any accidental cross-contamination is impossible.

Let me know if you want to discuss in more detail.

Thanks, Gillian. Does having separate external instances of Confluence per client increase your subscription cost? I'm wondering, as I'm building a view-only product documentation site(s) and only need to limit it for our customers versus the entire world (i.e., only our customers would read the product docs). Not sure how that compares to what you do.

Thanks, Gigi

I believe there is additional cost, but I think it's more to do with hosting an additional server.  Not sure though, as I'm not fully involved in that aspect of our use of Atlassian tools.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

What project did you transition or start on Confluence with the shift to remote work?

It’s been great to hear from fellow users over the last few weeks about the best tips and fun moments you’ve had working on Confluence since the transition to working remote. I’d love to keep the c...

109 views 3 7
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you