Syncing users from Webshop to JSM via Keycloak

Hi everyone,

We’re working on a solution for our webshop and need some guidance. Here’s what we’re trying to achieve:

Our webshop has around 3,000 private customers. The goal is to allow these customers, when logged into our webshop, to open a Jira Service Management (JSM) ticket through the JSM portal without needing to create or log into a Jira account (since they obviously don’t have one).

The proposed solution:

•We plan to sync/authorize our webshop users with JSM via Keycloak and Atlassian Access (Guard).

•As I understand it, these users would need to be unmanaged users, as their email addresses don’t belong to any of our verified domains.

•The users should only have access to:

•Open a request

•View their own open/closed requests

•Importantly, we want to avoid any additional per-user licensing costs for these 3,000 users. Based on my research, it seems there shouldn’t be extra licensing fees for users with such limited access, but I’d like confirmation on this.

Questions:

1.Does this approach make sense for our use case?

2.Is this achievable with Keycloak and Atlassian Access (Guard) as described?

3.Are there any potential licensing issues or costs we might overlook?

Thank you guys!

2 answers

Suggest an answer

2 votes

Hello @Joan Arau

Welcome to the Atlassian community.

I can't address your question about Keycloak since I have never used it.

I can address your licensing question.

To be able to associate each customer with their issues each customer will need an Atlassian Cloud account. This account can be granted access to any number of Atlassian Cloud products managed by diverse companies. The accounts can be granted different access for each Atlassian Cloud product based on the Product Role granted to the account for each product. The basic product roles are licensed users and administrator.

With Jira Service Management there is an additional product role - customer. An account granted only the Customer Product Role for JSM does not consume a JSM license. Accounts with such a role will be able to access JSM only through the customer portal and optionally through email depending on how you configure JSM. They will be able to see only the JSM issues where they are the reporter or where the issue has been Shared with them.

With that level of access the customers should not impact your JSM licensing costs.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

1 vote

@Joan Arau

Welcome to the community. To supplement what @Trudy Claspill stated -

Atlassian Guards (formally known as Atlassian Access) allows one to use his/her own IDP for user accounts. I also never used Keycloak product, so I would recommend you that you may want to contact the vendor for assistance. NOTE - Atlassian Guards is a fee-based product from Atlassian and it is not a part of JSM product (unless your JSM subscription plan is at Enterprise level).

On the licensing end, CUSTOMERS are free in JSM where they will access your JSM project(s) via the portal UI to raise his/her issues, or one can configure the JSM project to create issues via end users email processing. Only the Agents (one that needs to handle/process the issues) will need a paid license.

Hope this also helps.

Best, Joseph Chung Yin