Many of our customers use Jira as a collaboration tool in projects involving the whole company. Jira already has support to give permissions to browse anonymously (named “Anyone on the web”) meaning that you as an administrator can let all users access Jira and certain projects without needing a license. Then only users that should produce Jira content like creating, working on and commenting Jira issues, need to consume a Jira license giving large cost reductions.
The problem with this setup is that it does not work well with making your Jira available on the Internet, or if also non-company guest users - that should not have access to these anonymous projects - can reach Jira from your internal network.
The feature SSO-Verified Anonymous Access in Kantega SSO gives a solution to this problem.
When enabling this you can secure your Jira’s anonymous spaces to only be available to users that are able to log in via your Identity Provider. This makes it possible for you to have your Jira available on the Internet and at the same time assure that only the relevant people are allowed to log in – and still getting the advantage of users staying anonymous to save licenses.
Step 1: Make Jira board anonymously visible within the organisation
You see the need to define a project that all of you organization should be able to see to follow the progress of an important internal process. This could be illustrated by the below project Example Collaboration Project:
To give this project anonymous access you need to use a permission scheme that has the Group: Anyone on the web. Best is then to create a copy of the Default Permission Scheme that you can call Anonymously Open Permission Scheme:
This permission scheme will then look like this adding the Browse Projects right to the Group Anyone on the web:
On the project Example Collaboration Project and other projects that you want to be available to all your organization use this permission scheme Anonymously Open Permission Scheme.
Step 2: Before SSO-Verified anonymous access is activated
Before SSO-Verified anonymous access in Kantega SSO is activated all users now have access to the Example Collaboration Project, which might be anyone on the Internet if your Jira is exposed on there.
Step 3: After SSO-Verified anonymous access is enabled
You can enable SSO-Verified anonymous access as described in this guide: https://kantega-sso.atlassian.net/wiki/x/AQBBY
When SSO-verified anonymous access is on, our test user Mark Miller is required to log in through the company’s AD FS for authentication when attempting to access the Jira board. He then logs in on the AD FS side using his username / password and 2-factor mechanism.
Step 4: Mark Miller is logged in as an anonymous user
Mark Miller does not have any license group in Jira and is logged in and can see projects that are opened for anonymous access, including the Example Collaboration Project board. The organization can now collaborate efficiently, and all anonymous users can follow the project’s status along the way without using licenses.