It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How to set up Authenticated Read Only Access


I work for a large company and we are using confluence to publish documentation for some of our internally developed systems.  We have limited user license that is much smaller than the number of employees in the company.  We've using groups within Active Directory to control access.  We're granting anonymous access to people can see the pages.  This all works fine - anonymous users can see the information and our team can author it.  However, here's the rub.  If an individual who is not in one of the blessed groups log in, they get a permission denied error and can no longer see any information.  I've been told by the Atlassian sales team that allowing Authenticated Read-only access does not consume a seat in the license, but I have been unable to figure out how to set this up in Confluence.  Does anybody know how to do this?


Keysight Technnologies


8 answers

1 accepted

1 vote
Answer accepted
Davin_Studer Community Leader Nov 10, 2014

Anyone that has the "can use" permissions set up in global permissions will consume a license. So, if you are a member of a group that is set to "can use" or you are explicitly set up for "can use" then you will use a license ... which means even people set to read-only at the space level will use a license. After all licensing isn't a space level function it is a system level function.

image2014-11-10 13:28:5.png

I will simply comment on this to raise awareness.

It makes no sense to allow anonymous users read-only access but deny authenticated users that same access.

This is a security issue. At my company we are required to log every employee in to any web app due to Chinese hacking in the past. Now I read that anonymous users have more access than authenticated users in the system. I was lead to believe by the Confluence sales team that we could present read-only content to my entire company even though my developer base is small.

This is a contradiction and a problem for user communities. There's simply no way I will purchase 3000 seats when I have a developer base of 150. Outrageous.

I couldn't agree more. It's absurd that JIRA logged-in users can't access Confluence pages that are open to the public Internet via Anonymous permissions.

Thanks David, your answer is correct.  Atlassian sales told me that a read-only user would not consume a seat, but it doesn't appear to be technically possible at this time.

1 vote
Davin_Studer Community Leader Jan 20, 2017

Here is a possible work around for you that I have seen another site do. They created an account that has read only access and did not tell the employee base the UN/PW of that account. Then they created another login form themselves that would authenticate them against their login system and if it was correct would then submit the secret UN/PW for Confluence to the Confluence login page. That way they would not have to tell the employees the secret account and have to worry about resetting the PW when people left, but they could still make it such that you had to log in. They are not logged into Confluence as themselves, but they still do have to authenticate their account before getting in.

Thanks David for putting this out. Can I clarify that I understood you correctly? Suppose I have an application with user database.

1. Create Confluence read-only account to be shared across all users

2. Authenticate my users against my application

3. In the background, supply secret credentials to confluence (which will make the user to be authenticated against confluence)

4. Now users can see confluence page through the read-only account?

Davin_Studer Community Leader Oct 31, 2017

Yep, that's the gist of it.

Ok so what I understand is to create a login form on a web server and authenticate user but how will that form authenticate confluence in the background?


I wanted to see if there was an answer to the question above. I'm also in a situation where we only have 20 or so people that need edit access to confluence, but probably around 30 more that will need view access from time to time.

If there is an answer, it would be a huge help.

Also, I know Confluence/atlassian has been making a lot of changes lately - is there a way to raise this as a priority to them to make it easier?

Davin_Studer Community Leader Nov 08, 2018

@kyle If you are ok with the viewers being anonymous then you could enable anonymous access for the space (which will allow anyone to see it) and then get just enough licenses for your editors. Anonymous access does not use a license.

I agree this solution is inadequate. We have a developer base of 10 and a user base of over 1000. I struggled to get the licence for 10 seats across the line, there is no way I will get 1000 and there is an even slimmer chance I will open our processes to the internet. 


Biggest gripe with my favorite tool in 2019. 

When you configure the space, only grant the Anonymous users to have read/view space page permissions ( or you can do the same thing at a global level ( for your instance.

I don't think that is quite what I'm looking for. Here is what I'm observing. I have a space that allows anonymous access. I'm authenticating users against the corporate Active Directory. If a user doesn't log in, they can see the page as an anonymous user. If they choose to use the login link at the top of the page, they can authenticate because they are in the Active Directory, but they are not in a group that can 'use' confluence. What that user now sees is a 'permission denied' error trying to view any pages in Confluence. This is not intuitive. Now, perhaps this is a bug in Confluence in that if an Anonymous user can do a thing an authenticated user should also be able to do it. This can make it difficult to enforce the user license iimit, so perhaps it's only use and read permissions that can be granted to all users if anonymous access is allowed. But that it the problem. I want to keep my user base from being able to lock themselves out.

The global configuration allows users to have initial access to the instance, but each space must also be configured to allow the Anonymous users to have specific permissions (e.g., View) in that space, as indicated by the instructions at  By default each space usually allows members of the confluence-users group to have the space permissions shown in the instructions link, and these space permission configurations can easily be modified by a space admin.  If the space admin wants to grant anonymous user to have space view, add pages, etc. permissions, then these permissions can be granted.
*Bottom Line*:  When an anonymous user accesses your instance, he/she will only be able to view, etc. the spaces where they are permitted.
I hope this clarification has been helpful.

Thanks Jeff,  either I'm being quite dense or not clear about the problem.  I am having no issues with anonymous access.  The issue is when a user has authenticated (i.e. is known to the system via the LDAP directory)  I want them to have read only access to a space but not to consume a license seat.  According to Confluence sales, a read only user should not consume a set; however, when I grant my all-employees group the 'use confluence' permission and read only access to my space, confluence denies any user from making changes because the number of users has exceeded the license.  So, I'm trying to figure out how to configure Confluence so that my authenticated read-only users don't consume a license seat. 

Hi Scott_Selberg

i have JIRA SD linked to confluence, so i have linked spaces with JIRA projects and i have given read only access to specific groups.

those users can view the articles from JIRA dashboard/customer portal without consuming license.

i have enabled anonymous access but i'm controlling the users from JIRA uses management ( i used Atlassian Crowd for users directory configuration in Confluence)

so, those users cannot login directly to confluence but they can use JIRA or Confluence mobile to read articles.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Confluence

What project did you transition or start on Confluence with the shift to remote work?

It’s been great to hear from fellow users over the last few weeks about the best tips and fun moments you’ve had working on Confluence since the transition to working remote. I’d love to keep the c...

32 views 2 4
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you