We've recently investigated and moved to IP Whitelisting knowing the tradeoffs. We hope to see feature improvements soon. Here are the use cases:
- Some spaces are for company information sharing. They can and should have IP whitelisting so our whole company can access content in Confluence without requiring we manage subscriptions (people come and go, most only require access to view content). And to be honest, it's also a cost management approach. For security, all non-employees should not be able to access this content, regardless if they have a license or not. Basically, if not on our network, you should never be able to access these spaces.
- Some spaces are for development and require working with partners. These cannot be restricted by IP whitelisting because we need external users to access and view or contribute content. These external organizations should NEVER have access to any space other than ones we determine. We could manage permitting access to the specific space we want them to have because these would be licensed users. We would provide a license to these users (may even be guest accounts if it's solely to view content). Very few users in this case, and critical we manage for security reasons.
- Some spaces are a mix of both. We need all employees to access content (anonymous with IP whitelisting), but we also need some external users to access as long as they have a license and are in the right permission group.
- Some spaces are truly open to anyone, internal or external.
Currently, we cannot deliver this capability to our business. With IP Whitelisting enabled, we have shutout our partners from content they previously could access. We considered creating multiple organizations, but then we increase user management complexity and permissions management. We also then have to manage relating Jira items to multiple pages across Confluence organizations which also increases complexity. And when a project completes, we then need to move content to the right organization(s) to provide the right access. And this only solves for bullets 1 and 2 and possibly 4, not 3.
What we would really like is an ability to have IP Whitelisting apply only to anonymous-enabled spaces or permit IP Whitelisting to be related to selected spaces. Let other spaces continue to work as before IP Whitelisting was enabled for the organization. This finer level of enabling and enforcing IP Whitelisting would make administering a Confluence organization so much easier AND be more powerful. Today, if we get IP Whitelisting for the Confluence organization wrong, we could expose a lot of information unintentionally. Consider the mistake of IP Whitelisting a partner company. All anonymous spaces within the Confluence organization are now open to all employees at the partner. Better to do it at the space level, so all other spaces are insulated from this type of accident.
We've recently investigated and moved to IP Whitelisting knowing the tradeoffs. We hope to see feature improvements soon. Here are the use cases:
Currently, we cannot deliver this capability to our business. With IP Whitelisting enabled, we have shutout our partners from content they previously could access. We considered creating multiple organizations, but then we increase user management complexity and permissions management. We also then have to manage relating Jira items to multiple pages across Confluence organizations which also increases complexity. And when a project completes, we then need to move content to the right organization(s) to provide the right access. And this only solves for bullets 1 and 2 and possibly 4, not 3.
What we would really like is an ability to have IP Whitelisting apply only to anonymous-enabled spaces or permit IP Whitelisting to be related to selected spaces. Let other spaces continue to work as before IP Whitelisting was enabled for the organization. This finer level of enabling and enforcing IP Whitelisting would make administering a Confluence organization so much easier AND be more powerful. Today, if we get IP Whitelisting for the Confluence organization wrong, we could expose a lot of information unintentionally. Consider the mistake of IP Whitelisting a partner company. All anonymous spaces within the Confluence organization are now open to all employees at the partner. Better to do it at the space level, so all other spaces are insulated from this type of accident.