Loading...

XML

Word

Printable

Details

Type: Suggestion
Resolution: Unresolved
Fix Version/s: 7.2.10, 7.4.2, 7.3.9
Component/s: Security
Labels:

UIS:
534
Support reference count:
25
Feedback Policy:

We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

Description

As an Administrator I would like to be able to disable public access to JIRA, so the users will have to login before they can browse projects, search issues or navigate to system dashboard.

Workaround

Before applying the workaround from this section, make sure the Load Balancer / Reverse Proxy health check is properly configured to send a GET /status.

If the health check is targeting only GET /, then nodes will be reported as unhealthy by the Load Balancer after applying the feature flag.

Refer to Load balancer configuration options for further details on configuring the health check.

In JIRA 7.2.10 the possibility to disable public access for anonymous users was added, however it is still in labs state.

In order to disable public access for anonymous users, administrator needs to add a darkfeature public.access.disabled.
Here are the steps required for adding a dark feature in Jira:

Login as an administrator and go to: [BASE-URL]/secure/SiteDarkFeatures!default.jspa
In the Enable Dark Feature text field add public.access.disabled

Attachments

Issue Links

is related to

JRASERVER-65380 Anonymous user is unable to access Manage Dashboard page via UI

Gathering Impact

JRACLOUD-72805 In addition to the "Public sharing" option Jira should have functionality to, in bulk, modify public filters & dashboards to not be public

Closed

JRASERVER-23255 Shared filters are visible to anonymous users when shared with 'Everyone'

Closed

JSDSERVER-630 SSO integration with Jira Service Desk

Closed

JRACLOUD-70084 Add possibility to disable public access to JIRA

Gathering Interest

JRASERVER-34268 Issue / project not found message in issue searches for anonymous users should prompt user to login

Gathering Interest

JRASERVER-40787 It should be possible to restrict access to the Issue Navigator by anonymous users

Gathering Interest

JRASERVER-64165 Administrators should have the ability to restrict access to the System dashboard

Gathering Interest

JRASERVER-69856 In addition to the "Public sharing" option Jira should have functionality to in bulk modify public filters & dashboards to not be public

Gathering Interest

relates to

JRASERVER-39140 JIRA Seraph Config Settings are not Respected

Gathering Impact

JRASERVER-36248 As a JIRA Administrator, I'd like to force all users to authenticate to the SSO before seeing any pages in JIRA

Gathering Interest

JRASERVER-66554 SAML redirection from Jira Dashboard page or any page other than login.jsp

Gathering Interest

PS-44440 Loading...

was cloned as

JRASERVER-75724 Add possibility to disable public access to JIRA

Gathering Interest

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(4 is related to, 4 relates to, 1 was cloned as, 40 mentioned in)

Activity

People

Assignee:: Unassigned

Reporter:: Marcin Kempa

Votes:: 156 Vote for this issue

Watchers:: 131 Start watching this issue

Dates

Created:: 28/Jun/2017 9:33 AM

Updated:: 12 hours ago