Managing customers and project access when not all employees have company email

Paul Krueger
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2022

Here's our scenario:

  • 2000 employees, half of which have a company email account. 
  • We use the API to automate the creation of portal-only accounts for our employees
  • Portal access is limited to Customers added to the service project only by agents and admins

We have several projects, but here are a few examples:

  • IT - available for employees with company email accounts only
  • Accounting - available for employees with company email accounts only
  • Legal - available for employees with company email accounts only
  • CRM - available for employees with company email accounts only
  • HR - available for all employees

Initially (when we only had the IT service desk), we created portal-only accounts via API and added the new account as a customer to the project via API. When we added Accounting, we added that project to the script so new portal accounts were added to both projects. Other than the hassle of populating the initial customers, this was doable.

As we've grown, however, this has become increasingly difficult. Therefore, I thought I'd start using organizations to solve this problem. I created two organizations:

  • Employees with Company Email
  • Employees without Company Email

The thought was that I could simply add the "Employees with Company Email" organization to the relevant projects and add both organizations to the HR project. Then, my script would only need to maintain the membership of those organizations. This dramatically simplifies the automated process but comes with all sorts of unintended problems. 

For example, the "Share with" option when submitting a request via the portal is broken (the only options are No one or Everyone and searching for a specific customer doesn't work). This appears to be a known issue, which is unfortunate.

We could open up project access to the public, but we really don't want non-employees to be able to submit portal requests to our internal departments. 

I'm curious if anyone else out there has solved this problem. I think I'm going to have to abandon the work I've done to use organizations and go back to individually-targeted access (adding each customer individually to each project).

 

1 comment

Carmen Nadeau
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2022

Hi @Paul Krueger 

We have around 6K customers (internal only). We have 2 groups JSM-Portal and JSM-Portal-TI for our customers. We manage all users and no-one can create a new user, only us admin.

In the projects (we have severals):

  • the customer acces is based on the option that the user must belong to the project.
  • the autorisations for the the role service-desk-customer are given to a group 

So when we add our users , in our script we put everyone in the group JSM-Portal and only our IT department to JSM-Portal-TI

Anyone can share his/her ticket with anyone BUT the user must have access to the project for him/her to see the ticket, obviously.

 

I hope this can help you,

Carmen

Paul Krueger
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2022

Carmen,

So you're using groups for access and not Organizations. That's not something I'd considered. Thank you!

Carmen Nadeau
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2022

Honestly, since I was a JIRA admin for 12 years, I did that automaticly and it worked so if it's not broken.... ;)

Paul Krueger
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2022

It occurred to me, though, that only Atlassian Accounts can be added to Groups (not portal-only customers). 

Carmen Nadeau
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
September 12, 2022

We have a DC instance, I did not realise that yours was in the Cloud.

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events