What’s the best way to accomplish this and keep an easily maintainable level of security/privacy, create a whole new Jira Cloud instance for the external users to access their JSMs? It seems like the requirement for the external customer facing JSM’s to allow users to create their own customer accounts kind of rules out having these being on the same instance as internal projects since we don’t want to pollute our customer list with non-company users, it just increases the chance that an incorrect permissions setting on an internal project could expose data to external customers.
Any thoughts on how others have approached this would be much appreciated!
We've done this with ~70 service desk projects in our instance (too many, but that's a different story based on a legacy decision..)
The permission "Service Project Customer – Portal Access" uses the project role "Service Desk Customer". You can choose who becomes a customer, it's on a per project basis.
For your internal JSM, choose a group that all your internal users belongs to for that role.
Next step is to set the Customer permissions under project settings
There are two options "Customers added by agents and admins" and "Anyone on the web"
For your internal JSM projects, use "Customers added by agents and admins"
For the external "Anyone on the web" which enables them to auto invite themselves either via signup in the portal or sending emails.
On the cloud our choices around customer permissions is a little different these are my 2 options
And our global settings are
We did this to not allow potential unwanted outsider from setting up a customer account on our system. If i switch my global setting to Yes, allow anyone to create an account will the 'anyone on the web' option appear?
We had done a test a while ago where we had the 'global setting to allow anyone to create an account and used a yahoo.com account to create a customer account and that account had access to the service desk portals and was able to create tickets, which is why we switched our setting. I will go back and confirm, but my take on that was if you were logged in with a customer account you automatically fell under the Service Project Customer – Portal Access category since we did not add the yahoo account to any project roles.
If i switch my global setting to Yes, allow anyone to create an account will the 'anyone on the web' option appear?
Yes, just verified that on my cloud test instance and it works.
And if you have your internal projects set to "Customers added by agents and admins" the external users won't see them at all.
If you have multiple "open" projects, then once a customer signs up for one, they seem to get access to all the open ones.
Thanks Jonas, it sounds like I need to do some testing to make sure the behavior is what I need. I think I will have a hard time from our security folks allowing non-company accounts in our jira instance, even if they are just customer accounts, so I'm probably going to end up with a 2nd dedicated instance with a few agents and many external customer accounts
Hello Community! Quick disclaimer: We are running a contest on Community (The Atlympics!) from July 23rd - August 8th of 2021. If you are interested in participating in this contest (prizes! ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events