Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Risks of setting up an open portal

Jordan Wengler
Jordan Wengler
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 17, 2020

Hi,

Our organization provides software support to a number of separate customers in Jira Service Desk. Currently, for all of our customers, we require that a user create an individual account to be able to log in and view tickets in their Portal. The customers in each Jira Project are only able to view their organization's tickets as a security measure.

We're working with another customer to take over their application support, which is supplied to thousands of users, so forcing all of them to create individual Customer accounts isn't practical. I am trying to determine what risks we may encounter by opening up a specific portal to allow any user to create a ticket without an account.

  • If one Project/Portal out of many is fully "open", will this customer or our other customers be able to view tickets in our other customers' Projects?
  • With an "open" portal, I assume that anyone who might find the portal link, or have the ticket submission email, would be able to create a ticket? I'm worried about spam in this case.
  • Is this against best practice in any way, or are there any other tips/experiences that we should keep in mind?

Thank you for any insight/help!!

Jordan

Answer
Watch
Like Be the first to like this
586 views

1 answer

1 accepted

0 votes
Answer accepted
Daniel Ebers
Daniel Ebers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 17, 2020

Hi Jordan,

yes, when the portal is open something like unwanted mails could occur but this depends on how easy to guess the URL of your portal actually is.

Requests can be shared if a customer wants to do this - but they cannot look into other projects (this is something only an Agent can do).

Who the customer can share with is explained very well in the following article:

https://confluence.atlassian.com/servicedeskserver/managing-access-to-your-service-desk-939926273.html#Managingaccesstoyourservicedesk-Choosewhocustomerscansharerequestswith

Probably an e-mail address which the customer can use to raise a request would be an option - categorization of requests via portal is quite better but it comes with a few drawbacks like you described.

Cheers,
Daniel

View More Comments
Jordan Wengler
Jordan Wengler
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
November 17, 2020

Thank you Daniel! That's very helpful - just wanted a bit of sanity check I think, and all of that makes sense. I appreciate your time!

 

Jordan

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events