Hi all, we want to start using Service Desk.
We have ~1600 people in the company. Only the IT Department and a few others have Jira access (300 User License).
The other ~1300 should be able to request help via the customer portal. As we don't want to manage all "Portal only" users manually, we want to use the sign-up functionality.
Problem:
Everyone can sign up there, which is something we don't want at all. So we want to restrict the signup to a specific email domain.
The general functionality is in the Jira admin section (Site Settings -> Self Signup).
But this doesn't affect the Customer Portal signup.
Does someone have an idea how to manage that?
Thanks in advance!
Best, Andre
I recently fought a very similar problem, and was able to solve it with the Script Runner and the Script Listeners. I've posted the script I used to block a domain that was spamming us. I've also modified and tested the script to show how you can accomplish your goal of only allowing a certain domain.
// Script 1: remove newly created accounts from a blocked domain
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.crowd.model.user.User
import com.atlassian.crowd.event.user.UserCreatedEvent
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.bc.user.UserService

// Catch the UserCreatedEvent and get the User
def newUserEvent = event as UserCreatedEvent;
User newUser = newUserEvent.getUser();
String email = newUser.getEmailAddress();

// Define the domain you want to block
String spamDomain = "@spam.xyz";

// Case-insensitive suffix match; an account without an email address is left alone
if (email != null && email.toUpperCase().endsWith(spamDomain.toUpperCase())) {
    log.error "SPAMBOT DETECTED! " + email;
    def userService = ComponentAccessor.getComponent(UserService)
    def userManager = ComponentAccessor.getUserManager();

    // Set the user account we want to run delete permissions with
    ApplicationUser runAsUser = userManager.getUserByKey("yourJiraAdminAccount")

    // validate permissions; validateDeleteUser expects the username, which is not always the email address
    final UserService.DeleteUserValidationResult result = userService.validateDeleteUser(runAsUser, newUser.getName())
    if (result.isValid()) {
        log.error "SPAMBOT REMOVAL VALID - $email"
        userService.removeUser(runAsUser, result)
        log.error "SPAMBOT REMOVAL SUCCESSFUL - $email"
    } else {
        log.error "REMOVAL INVALID - $email"
    }
}
// Script 2: remove newly created accounts that are NOT from the allowed domain
import com.atlassian.jira.user.ApplicationUser
import com.atlassian.crowd.model.user.User
import com.atlassian.crowd.event.user.UserCreatedEvent
import com.atlassian.jira.component.ComponentAccessor
import com.atlassian.jira.bc.user.UserService

// Catch the UserCreatedEvent and get the User
def newUserEvent = event as UserCreatedEvent;
User newUser = newUserEvent.getUser();
String email = newUser.getEmailAddress();

// Define the domain you want to allow
String allowedDomain = "@safeDomain.com";

// Case-insensitive suffix match; an account without an email address is left alone
if (email != null && !email.toUpperCase().endsWith(allowedDomain.toUpperCase())) {
    log.error "EXTERNAL ATTEMPT DETECTED! " + email;
    def userService = ComponentAccessor.getComponent(UserService)
    def userManager = ComponentAccessor.getUserManager();

    // Set the user account we want to run delete permissions with
    ApplicationUser runAsUser = userManager.getUserByKey("yourJiraAdminAccount")

    // validate permissions; validateDeleteUser expects the username, which is not always the email address
    final UserService.DeleteUserValidationResult result = userService.validateDeleteUser(runAsUser, newUser.getName())
    if (result.isValid()) {
        log.error "EXTERNAL ATTEMPT REMOVAL VALID - $email"
        userService.removeUser(runAsUser, result)
        log.error "EXTERNAL ATTEMPT REMOVAL SUCCESSFUL - $email"
    } else {
        log.error "EXTERNAL ATTEMPT REMOVAL INVALID - $email"
    }
}
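The allow-list test from the second script, generalized to several domains (the multi-company case raised further down the thread) and tightened to an exact comparison of the domain part. This is an added example, not part of the original post and not ScriptRunner or Atlassian code; the function name `matchAllowedDomain`, the `.example` domains and the sample addresses are assumptions, and it calls no Jira API, so it can be tried in any Groovy console before being used inside a listener.

```groovy
// Added example (hypothetical helper, plain Groovy, no Jira classes).
// Returns the allow-listed domain the address belongs to, or null if the address is rejected.
String matchAllowedDomain(String email, Collection<String> allowedDomains) {
    if (email == null) {
        return null
    }
    // Normalize case and surrounding whitespace before comparing
    String normalized = email.trim().toLowerCase(Locale.ROOT)
    int at = normalized.lastIndexOf('@')
    // Require a non-empty local part and a non-empty domain part
    if (at <= 0 || at == normalized.length() - 1) {
        return null
    }
    String local = normalized.substring(0, at)
    String domain = normalized.substring(at + 1)
    // Conservative choice: reject a second '@' or embedded whitespace instead of trying to parse it
    if (local.contains('@') || (normalized =~ /\s/).find()) {
        return null
    }
    // Exact match on the domain part: suffix and prefix look-alikes do not pass
    return allowedDomains.collect { it.toLowerCase(Locale.ROOT) }.find { it == domain }
}

// Constructed allow-list: safeDomain.com is the page's placeholder, the others are assumptions
def allowed = ['safeDomain.com', 'companyname1.example', 'companyname2.example']

// Constructed sample addresses
def samples = [
    'jane.doe@SafeDomain.com',            // allowed, case-insensitive
    ' bob@companyname1.example ',         // allowed after trimming
    'eve@safedomain.com.evil.example',    // rejected: allowed name is only a prefix of the domain
    'eve@notsafedomain.com',              // rejected: different domain
    'eve@evil.example@safedomain.com',    // rejected here; a plain endsWith("@safedomain.com") accepts it
    '@safedomain.com',                    // rejected: empty local part
    null                                  // rejected: no address at all
]

samples.each { addr ->
    def hit = matchAllowedDomain(addr, allowed)
    println "${addr} -> ${hit ?: 'REJECT'}"
}
```

A listener built on this check still acts only after `UserCreatedEvent` fires, so a rejected account exists briefly before removal, and the check applies to every account creation that raises that event, not only portal sign-ups.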
Hi Patrick,
This script works fine. But it is not showing any warning/error message on screen if any user tries to sign up with a domain other than the allowed domains. Could you please help us to add that message in the script?
Santosh,
I wish I could be of more assistance, but I have not looked into how to pass feedback to the browser. Since my use case was blocking spam, I actually didn't want any feedback given.
Good luck,
Patrick
Patrick,
This helps. But what if a user signs up with the expected domain and a fake email ID, like falsemailid@SafeDomain.com?
Is there any way we can have a verification for this?
Thanks.
Santhosh,
To accomplish that there would need to be a way to validate the email address with an API (there are several available, I've never used any), and then integrate that with the GroovyScript (there's probably a way) to give feedback.
Because the domain is trusted / configured in the script, you would have to rely on something external to JIRA to validate the address is truly a real email. The exception to that is if you have a full list of valid email addresses available to JIRA (via something like LDAP integration, SQL Server view, etc).
+1 vote. We need this flexibility, as we are providing support via JSD to 3 large companies that are competitors of each other, and the TIME it takes to allow 1 user at a time per JSD project is crippling.
If we could allow access to JSD portal by group / domain name i.e. @companyname1.com vs @[deleted]_name_2.com > this would make much more sense.
A feature request was created to add Blacklist/Whitelist customer sign-up functionality to Jira Service Desk. If you're interested please vote for it here: https://jira.atlassian.com/browse/JRASERVER-70841
Thanks.
Seems there were already tickets submitted for this a long time ago. Probably worth voting on these too!
For cloud: https://jira.atlassian.com/browse/JSDCLOUD-868
For server: https://jira.atlassian.com/browse/JSDSERVER-868
Unless something has changed, for which I would be pleasantly surprised, this is not possible. The best thing to do is to add the customers manually. If you can generate a CSV of the users' emails you can copy and paste into the "add customers" input area.
Hi Jack,
Thanks for the quick answer!
Do you know whether connecting our Jira via SAML (see picture) would have an effect on the service portal signup?
Thanks in advance!
Best, Andre
Any feedback on using SAML? Does it solve your problem?
Kind regards
SAML works for the domain users, which is great. But still allows non-domain users to log in.
This seems like a pretty simple request for Atlassian: just a whitelist for new accounts and trigger an error if they don't match a domain. I