Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Risks of setting up an open portal

Hi,

Our organization provides software support to a number of separate customers in Jira Service Desk. Currently, for all of our customers, we require that a user create an individual account to be able to log in and view tickets in their Portal. The customers in each Jira Project are only able to view their organization's tickets as a security measure.

We're working with another customer to take over their application support, which is supplied to thousands of users, so forcing all of them to create individual Customer accounts isn't practical. I am trying to determine what risks we may encounter by opening up a specific portal to allow any user to create a ticket without an account.

  • If one Project/Portal out of many is fully "open", will this customer or our other customers be able to view tickets in our other customers' Projects?
  • With an "open" portal, I assume that anyone who might find the portal link, or have the ticket submission email, would be able to create a ticket? I'm worried about spam in this case.
  • Is this against best practice in any way, or are there any other tips/experiences that we should keep in mind?

Thank you for any insight/help!!

Jordan

1 answer

1 accepted

0 votes
Answer accepted
Daniel Ebers Community Leader Nov 17, 2020

Hi Jordan,

yes, when the portal is open something like unwanted mails could occur but this depends on how easy to guess the URL of your portal actually is.

Requests can be shared if a customer wants to do this - but they cannot look into other projects (this is something only an Agent can do).

Who the customer can share with is explained very well in the following article:

https://confluence.atlassian.com/servicedeskserver/managing-access-to-your-service-desk-939926273.html#Managingaccesstoyourservicedesk-Choosewhocustomerscansharerequestswith

Probably an e-mail address which the customer can use to raise a request would be an option - categorization of requests via portal is quite better but it comes with a few drawbacks like you described.

Cheers,
Daniel

Thank you Daniel! That's very helpful - just wanted a bit of sanity check I think, and all of that makes sense. I appreciate your time!

 

Jordan

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
STANDARD
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

148 views 0 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you