We're having quite an interesting use case, which I would love to hear ideas/recommendations for.
We have a current setup where users have to connect via a VPN to access Jira, Confluence, Bitbucket & Bamboo. Some content on Jira & Confluence is "public", so available for anyone without logging in. The VPN makes it so that only company employees are able to view this content, as they have to log in to the VPN first.
Other users, who need to update the content or work on issues, log in to the tools, which authenticate to the Active Directory via Crowd. Single Sign On is not enabled currently.
The VPN is slowly fading out of the business, making our tools one of the few to live behind it. While trying to onboard other teams across the organization, we encountered users that can no longer work with the VPN.
We're now looking for a way to remove the VPN, while preserving the ability to have some content public, without actually putting it out in the open for the entire internet to read.
We have lots of features of Azure, so many teams are looking into possible solutions, but I wanted to check if there are others out there who have a similar setup.
Our idea would be to create some sort of environment where users are brought to a login page, where they enter their AD credentials and log in with 2FA. While being logged in there, they should be able to browse the available content that is 'public'. They can choose to log in to the specific Jira or Confluence, but don't have to if they don't have a license.
If they haven't logged in to the central page with 2FA, they should not be able to view the tools at all.
So basically we are looking at ways to let people pre-authenticate on the AD, providing them access to the tools, without being logged in to the tools (so that we don't need to have a thousand fold of our current licenses).
Any ideas or similar use cases?
Looking forward to any feedback!
The SSO plugin sounds interesting. Currently we have some Confluence spaces that are anonymously accessible so that we don't need to give Confluence user licenses to those who only read.
But with the SSO add-on, when they log in with their corporate account, won't they use a Confluence license? We do want them to log in to view the content, but without actually having them log in to Confluence, as that would require a valid user license.
How would that work with the plugin? And is the same possible for Jira?
Thanks in advance!
Here is a scenario that will help you understand the proposed solution.
1. User already exists in Confluence: once the authentication is done from the IDP, they will be logged in to Confluence and see the pages they are authorized for (including public pages).
2. User does not exist in Confluence: once the authentication is done from the IDP, the user will be redirected to Confluence and can only see the public pages (anonymously accessible), but the user will not be logged in to Confluence.
Please reach out to miniOrange support and I will arrange a demo for you.
PS - I work for miniOrange, one of the top SSO vendors.
It differs a little from our requirements, which are as such:
Hope this makes sense, it's a really complex case.
Kind regards
Yes, all your requirements will be satisfied.
All the users accessing Confluence will be forced to log in with corporate credentials. Without authentication from the IDP (corporate credentials), they won't be able to access any of the pages of Confluence, even the public pages.
Now, if the user has an account and access to Confluence, then his Confluence session will be started (as usual); otherwise the user will not be logged in to Confluence but will be allowed to see the public pages.
I hope this helps.
I recommend that you reach out to miniOrange support so that the team here can get on a call with you and, if needed, customize the plugin for your requirement.
Very interesting then, thanks for all the info! Helps a lot!