Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Login-Permission exclusively by using (designated) business computer

Is it possible to limit/allow access / login for (specific) users only when they login from their business-Computer/Device (e.g. by requesting the MAC-address of the device used)?

 

1 answer

Hi Andreas,

I think I understand what you are asking here.  I can see there would be a desire to limit which machines could login to an application like Jira.  However I don't think this can be done in the Jira Application level.  And I'll try to explain why.

Right now, Jira does show user sessions, you can see this in Jira Server if you are a system admin by going to the Cog Icon -> System -> User sessions or /secure/admin/CurrentUsersList.jspa

This lists seesion Id, username, protocol, IP address, etc.  But it doesn't list the MAC address.  This isn't something that a Java application like Jira will try to lookup for the connections it receives.   I thought perhaps someone might want to try to write a plugin to do that, but from reading other posts like https://stackoverflow.com/questions/839973/how-to-get-a-clients-mac-address-from-httpservlet

The answer listed there by user atom255 explains why this is problematic in most environment:

You're probably not going to get what you want. (the client's MAC address)

If the server is close enough (directly connected via hub or maybe a switch) you can ARP for the MAC Address. If you do this for an IP across the Internet you're probably going to get the inside interface of the closest Router or Switch.

Because of the way TCP/IP works the MAC address used in the 'frame' will get ripped off and re-assembled each at each hop the information takes between the server and the host.

So it doesn't look promising given this approach.   Perhaps other related questions like https://community.atlassian.com/t5/Jira-questions/Restrict-login-based-on-IP-address/qaq-p/115250 might help?  I know it's not the same thing you were asking, but there is a discussion there about ways to restrict specific IP addresses from reaching your Jira site at all, either via iptables, or by the proxy configuration.

I hope this helps.

Andy

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Jira Software

Presenting the "Best of 2020" Jira Software roundup!

Catch up with Atlassian Product Managers in our 2020 Demo Den round-up! From Advanced Roadmaps to Code in Jira to Next-Gen Workflows, check out the videos below to help up-level your work in the new ...

4,920 views 6 15
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you