We have a JIRA instance hosted on our own server which is accessible through our VPN. The server itself has a public IP but the firewall prohibits public access to port 80/443 from the Internet for security purposes.
We would really like to be able to give remote workers/freelancers access to JIRA but without having to set them up with a VPN connection (either because they are non-technical users or because the added hassle would cause them to use the system less). Secondly, I don't want to expose our JIRA interface directly to the public Internet to prevent unauthorized access.
Does anyone have any suggestions for how we could securely provide access to our instance for specific users?
I'm thinking along the lines of a system where they authenticate with a password at a special URL (or similar) which could then grant them access via a reverse proxy. In other words, some third-party login interface where they must authenticate before being able to access JIRA - anything to prevent the JIRA login from being exposed to everyone.
Thanks in advance.
As consultants working for clients, we encounter this situation occasionally. A client needs to give us access, but doesn't want to give us access to anything else on the network. Many will add point-to-point firewall rules to allow my IP address to access the application. It's a bit of a management headache, but effective. Obviously, you should use SSL if you plan to expose your tools over the internet.
If you manage your own DNS and have split horizons (can advertise one IP internally and another IP externally for the same A record), you could set up an SSL proxy and enable basic auth on it for the internet facing access. This would prompt users to enter a password that is managed within the proxy server before the application UI will pop up. You could get even more tricky and use client certificates on the proxy in place of basic auth (2-factor auth, essentially). That would allow you to create a certificate for each external user, have them import the cert into their browser and use the cert to validate their access to the application UI. You can set an expiration date on the cert so that the user will automatically lose access after the date has passed and you can revoke the cert if the person should lose access sooner.
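The client-certificate lifecycle described in the answer above (one certificate per external user, an expiry date, revocation), as an added example that is not part of the original post. It assumes the OpenSSL command line is available; the CA name, the users `alice` and `bob`, the file layout and the function names are all constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (constructed names: Example Proxy Client CA, alice, bob).
set -eu
init_ca() {  # throwaway CA in a temp dir; a real CA key belongs on a protected host
  CA_DIR=$(mktemp -d)
  mkdir "$CA_DIR/newcerts"; : > "$CA_DIR/index.txt"; echo 01 > "$CA_DIR/serial"
  cat > "$CA_DIR/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = proxy_ca
[ proxy_ca ]
database = $CA_DIR/index.txt
new_certs_dir = $CA_DIR/newcerts
serial = $CA_DIR/serial
certificate = $CA_DIR/ca.crt
private_key = $CA_DIR/ca.key
default_md = sha256
default_crl_days = 7
unique_subject = no
policy = policy_cn
x509_extensions = client_ext
[ policy_cn ]
commonName = supplied
[ client_ext ]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$CA_DIR/ca.cnf" \
    -subj "/CN=Example Proxy Client CA" -keyout "$CA_DIR/ca.key" -out "$CA_DIR/ca.crt" 2>/dev/null
}
issue_cert() {  # issue_cert <user> <validity options for openssl ca, e.g. -days 90>
  user=$1; shift
  openssl req -new -newkey rsa:2048 -nodes -config "$CA_DIR/ca.cnf" -subj "/CN=$user" \
    -keyout "$CA_DIR/$user.key" -out "$CA_DIR/$user.csr" 2>/dev/null
  openssl ca -batch -notext -config "$CA_DIR/ca.cnf" "$@" \
    -in "$CA_DIR/$user.csr" -out "$CA_DIR/$user.crt" 2>/dev/null
}
publish_crl() { openssl ca -config "$CA_DIR/ca.cnf" -gencrl -out "$CA_DIR/ca.crl" 2>/dev/null; }
revoke_cert() { openssl ca -config "$CA_DIR/ca.cnf" -revoke "$CA_DIR/$1.crt" 2>/dev/null; publish_crl; }
cert_accepted() {  # chain, validity dates, client-auth purpose and CRL, as a proxy would check
  openssl verify -purpose sslclient -crl_check -CAfile "$CA_DIR/ca.crt" \
    -CRLfile "$CA_DIR/ca.crl" "$CA_DIR/$1.crt" >/dev/null 2>&1
}
```

Typical use is `init_ca; issue_cert alice -days 90; publish_crl`, then `revoke_cert alice` when access should end early. The proxy must trust `ca.crt` for client certificates and reload `ca.crl` after every revocation; without a current CRL a revoked certificate keeps working until it expires.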