How risky is it to have a customer portal set to 'Anyone can email the service project...'
Hi community,
I have a use case that requires a JSM Project to allow anyone to raise a request. What are the community views on the risks involved?
Atlassian recommend not using this unless unavoidable...
...and here is the security advice:
Does anyone have experience of using this option and any tips to enhance security other than those detailed in the screen grabs provided?
Thanks,
Tom
1 answer
1 accepted
HI @Tom Brown I recommend public signup for JSM:
Enabling public signup for Jira Service Management customer portals
With public signup enabled, agents can invite new customers to a service project, and new customers can create accounts on the Customer Portal and through email. Enabling public signup for your service project also enables a honeypot technique which helps prevent spambots from creating accounts through the customer portal.
Enabling public signup
You must first enable public signup at the system level:
- Log in as a user with the 'Jira Administrators' global permission.
- Choose Administration (
) > Applications. Scroll down to the Jira Service Management section and choose Configuration. - In the Public signup section, allow project admins to enable public signup.
Enabling verification emails
After enabling public signup, we recommend that you also enable verification emails. This adds security to your Jira instance and makes sure that all customers are exactly who they say they are. This option should be enabled by default unless you haven't configured outgoing email.
- Enable and configure outgoing email so Jira can send verification emails. For more info, see Configuring an SMTP mail server.
- In the Public signup section, enable verifications emails.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.