JIRA access for remote workers

Chris M June 2, 2016

We have a JIRA instance hosted on our own server which is accessible through our VPN. The server itself has a public IP but the firewall prohibits public access to port 80/443 from the Internet for security purposes.

We would really like to be able to give remote workers/freelancers access to JIRA but without having to set them up with a VPN connection (either because they are non-technical users or because the added hassle would cause them to use the system less). Secondly, I don't want to expose our JIRA interface directly to the public Internet to prevent unauthorized access.

Does anyone have any suggestions for how we could securely provide access to our instance for specific users?

I'm thinking along the lines of a system where they authenticate with a password at a special URL (or similar) which could then grant them access via a reverse proxy. In other words, some third-party login interface where they must authenticate before being able to access JIRA - anything to prevent the JIRA login from being exposed to everyone.

Thanks in advance.

Chris

1 answer

1 accepted

1 vote
Answer accepted
Dave Theodore [Coyote Creek Consulting]
Community Leader
June 3, 2016

As consultants working for clients, we encounter this situation occasionally. A client needs to give us access, but doesn't want to give us access to anything else on the network. Many will add point-to-point firewall rules to allow my IP address to access the application. It's a bit of a management headache, but effective. Obviously, you should use SSL if you plan to expose your tools over the internet.

If you manage your own DNS and have split horizons (can advertise one IP internally and another IP externally for the same A record), you could set up an SSL proxy and enable basic auth on it for the internet-facing access. This would prompt users to enter a password that is managed within the proxy server before the application UI will pop up. You could get even more tricky and use client certificates on the proxy in place of basic auth (2-factor auth, essentially). That would allow you to create a certificate for each external user, have them import the cert into their browser and use the cert to validate their access to the application UI. You can set an expiration date on the cert so that the user will automatically lose access after the date has passed and you can revoke the cert if the person should lose access sooner.
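
The proxy described in the answer above, sketched as an nginx server block. This is an added example, not part of the original answer; nginx is an assumed choice of proxy, and the hostname, file paths, CA files and upstream address are placeholders.

```nginx
# Internet-facing TLS proxy in front of an internal Jira instance.
# All names, paths and addresses below are placeholders (assumptions).
server {
    listen 443 ssl;
    server_name jira.example.com;          # external A record (split-horizon DNS)

    # Server certificate presented to remote users.
    ssl_certificate     /etc/nginx/tls/jira.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/jira.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client-certificate variant: one certificate per external user,
    # issued by a private CA used only for this purpose.
    ssl_client_certificate /etc/nginx/tls/remote-users-ca.crt;
    ssl_verify_client      on;             # no valid client cert, no access
    ssl_verify_depth       1;              # user certs are signed directly by the CA

    # Early removal of access: publish the user's cert in the CA's CRL.
    # nginx reads this file at start and on reload, so reload after updating it.
    ssl_crl                /etc/nginx/tls/remote-users-ca.crl;

    # Basic-auth variant: passwords managed on the proxy itself.
    # Use instead of (or in addition to) the ssl_verify_client lines above.
    # auth_basic           "Remote access";
    # auth_basic_user_file /etc/nginx/jira-remote.htpasswd;

    location / {
        # Internal Jira address, reachable only from the proxy.
        proxy_pass http://10.0.0.10:8080;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # With the basic-auth variant, do not forward the proxy's
        # credentials to the application behind it.
        proxy_set_header Authorization     "";
    }
}
```

Expired or revoked client certificates fail verification at the proxy, so those requests are rejected before they reach the Jira login page. Keep the firewall rule that blocks direct access to Jira's own port so the proxy is the only external path.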

Chris M June 3, 2016

Thanks for your answer based on your experience - really appreciated. This is most insightful and gives us a good nudge in the right direction. We will work on implementing what you suggested. Thanks again!
