Secure Anonymous Access

I have documentation that is for Customers only (i.e. should not be exposed on the Internet). My customers are going to access the documentation as READ-ONLY from within our application after logging into our app.

We don't have any SSO. The solution I have thought of is to have the in-app link to the documentation use a reserved login (i.e. some system account we create) so that it's authenticated, but doesn't require the customer to log in.

Is this in violation of any licensing?

Is there any technical concerns? For example, is it possible to overload one login with too many concurrent sessions versus spreading the sessions over individual logins?

 

Thanks.

-Roger

5 answers

2 votes

Hello, Roger!

It's really nice to know that you are putting Confluence, that is such a powerful tool for documentation purposes, to its best use. We look forward to continue providing you with the latest and greatest features and, maybe, even get you and your company to know our other amazing products.

Unfortunately, the use-case you proposed, besides being technically feasible, goes against the guidelines of our End-User License Agreement, specifically the following excerpt:

5 Authorized Users. Only the specific individuals for whom you have paid the required fees and whom you designate through the applicable Product (“Authorized Users”) may access and use the Products. Some Products may allow you to designate different types of Authorized Users, in which case pricing and functionality may vary according to the type of Authorized User. Authorized Users may be your or your Affiliates’ employees, representatives, consultants, contractors, agents, or other third parties who are acting for your benefit or on your behalf. 

The only solution we can present in order to accomplish what you described is by creating one account for each of your customers and then, when your Confluence portal is loaded through the Internet, it will ask for an username and a password. It's worth mentioning that you can also control what spaces should be available to each user and even restrict specific documents from being viewed or edited by anyone but a number of allowed users or group of users.

If you have any further doubts regarding this request, feel free to respond to this answer. For any other doubts, we put this Answers channel at your disposal, as any of our engineers or even the community will be able to help out.


Regards,

João Palharini

Support Engineer @ Atlassian

I've made a mistake in here Roger, as João said, if you followed what I mentioned that would go against our license :).

Hi Guys, thanks for the responses.

I'm a little confused then. If I were to just use Anonymous access, there would be no need for "Authorized User" accounts, right?

There isn't really a difference here since everyone accessing would only have READ-ONLY rights like an anonymous user. I'm just protecting the content from the outside by using one login to launch the content.

 

-Roger

0 vote

Roger,

Firstly, answering the first question you asked, there really would be no need for additional licenses when using anonymous access, but, as far as I know, it's an exclusive exception for this use-case and it wouldn't apply to your necessity, as it will be accessible to anyone on the Internet.

In order to gather additional information on the EULA or other licensing-related questions, I'll recommend that you reach out to our sales department in sales@atlassian.com. Surely, they will be able to better guide you on this request.

I sincerely apologize for not being able to help at the moment, but I'd rather provide the absolutely right orientation for you to choose the best path, and Sales should be the way for that.

 

-João

0 vote
Jim Conaty Atlassian Team Dec 29, 2014

Hi @Roger Lee. I know you've also been talking to Mike Cardno here at Atlassian about this too.  I believe Mike mentioned that it using a single login to authenticate and have multiple customers access it does violate our End User Agreement, specifically section:

7.3 Credentials. You must ensure that all Authorized Users keep their user IDs and passwords for the Hosted Services strictly confidential and not share such information with any unauthorized person. User IDs are granted to individual, named persons and may not be shared. You are responsible for any and all actions taken using your accounts and passwords, and you agree to immediately notify Atlassian of any unauthorized use of which you become aware.

I know Mike is continuing to work with you on this, please continue to reach out to him directly.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published yesterday in Confluence

Three common content challenges + how to manage them

An efficient enterprise content management system, or ECM, is a must-have for companies that create work online (cough   cough, all companies). If content calendars, marketing plans, and bu...

63 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you