Sharing Jira content with the whole organisation without the need for licenses for all

SSO-verified anonymous access enables you to make Jira available on the Internet while assuring that only the relevant people are allowed to log in – and still getting the advantage of users staying anonymous to save licenses.


Many of our customers use Jira as a collaboration tool in projects involving the whole company. Jira already has support to give permissions to browse anonymously (named “Anyone on the web”) meaning that you as an administrator can let all users access Jira and certain projects without needing a license. Then only users that should produce Jira content like creating, working on and commenting Jira issues, need to consume a Jira license giving large cost reductions. 

The problem with this setup is that it does not work well with making your Jira available on the Internet, or if also non-company guest users - that should not have access to these anonymous projects - can reach Jira from your internal network. 

The feature SSO-Verified Anonymous Access in Kantega SSO gives a solution to this problem.  

When enabling this you can secure your Jira’s anonymous spaces to only be available to users that are able to log in via your Identity Provider. This makes it possible for you to have your Jira available on the Internet and at the same time assure that only the relevant people are allowed to log in – and still getting the advantage of users staying anonymous to save licenses. 

 

Step 1: Make Jira board anonymously visible within the organisation 

You see the need to define a project that all of you organization should be able to see to follow the progress of an important internal process. This could be illustrated by the below project Example Collaboration Project: 

Picture1 

To give this project anonymous access you need to use a permission scheme that has the Group: Anyone on the web. Best is then to create a copy of the Default Permission Scheme that you can call Anonymously Open Permission Scheme: 

Picture2 

This permission scheme will then look like this adding the Browse Projects right to the Group Anyone on the web: 


 Picture3

On the project Example Collaboration Project and other projects that you want to be available to all your organization use this permission scheme Anonymously Open Permission Scheme. 

 

Step 2: Before SSO-Verified anonymous access is activated 

Before SSO-Verified anonymous access in Kantega SSO is activated all users now have access to the Example Collaboration Project, which might be anyone on the Internet if your Jira is exposed on there. 

 

Step 3:  After SSO-Verified anonymous access is enabled 

You can enable SSO-Verified anonymous access as described in this guide: https://kantega-sso.atlassian.net/wiki/x/AQBBY 

When SSO-verified anonymous access is on, our test user Mark Miller is required to log in through the company’s AD FS for authentication when attempting to access the Jira board. He then logs in on the AD FS side using his username / password and 2-factor mechanism. 

Picture4 

 

Step 4: Mark Miller is logged in as an anonymous user 

Mark Miller does not have any license group in Jira and is logged in and can see projects that are opened for anonymous access, including the Example Collaboration Project board. The organization can now collaborate efficiently, and all anonymous users can follow the project’s status along the way without using licenses. 

Picture5

Picture6

 

 

Similar posts