Risks of setting up an open portal

Jordan Wengler November 17, 2020

Hi,

Our organization provides software support to a number of separate customers in Jira Service Desk. Currently, for all of our customers, we require that a user create an individual account to be able to log in and view tickets in their Portal. The customers in each Jira Project are only able to view their organization's tickets as a security measure.

We're working with another customer to take over their application support, which is supplied to thousands of users, so forcing all of them to create individual Customer accounts isn't practical. I am trying to determine what risks we may encounter by opening up a specific portal to allow any user to create a ticket without an account.

  • If one Project/Portal out of many is fully "open", will this customer or our other customers be able to view tickets in our other customers' Projects?
  • With an "open" portal, I assume that anyone who might find the portal link, or have the ticket submission email, would be able to create a ticket? I'm worried about spam in this case.
  • Is this against best practice in any way, or are there any other tips/experiences that we should keep in mind?

Thank you for any insight/help!!

Jordan

1 answer

1 accepted

0 votes
Answer accepted
Daniel Ebers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2020

Hi Jordan,

yes, when the portal is open something like unwanted mails could occur but this depends on how easy to guess the URL of your portal actually is.

Requests can be shared if a customer wants to do this - but they cannot look into other projects (this is something only an Agent can do).

Who the customer can share with is explained very well in the following article:

https://confluence.atlassian.com/servicedeskserver/managing-access-to-your-service-desk-939926273.html#Managingaccesstoyourservicedesk-Choosewhocustomerscansharerequestswith

Probably an e-mail address which the customer can use to raise a request would be an option - categorization of requests via portal is quite better but it comes with a few drawbacks like you described.

Cheers,
Daniel

Jordan Wengler November 17, 2020

Thank you Daniel! That's very helpful - just wanted a bit of sanity check I think, and all of that makes sense. I appreciate your time!

 

Jordan

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events