-
Suggestion
-
Resolution: Fixed
NOTE: This suggestion is for JIRA Service Desk Server. Using JIRA Service Desk Cloud? See the corresponding suggestion.
JIRA Service Desk have the "Public Sign Up" feature that will let unregistered user that accessing the portal to be able to sign up and create an account, this also includes for unregistered user that is sent request through email. When a unregistered user sent an email to Service Desk email channel, the email will be converted to a request and an invitation link will sent out to the sender to notify them.
But, at some situation, the sender of the email will forward the created request notification to another user that will be take part on that request, and there is a possibility that the user that received the forward email is an unregistered user as well. Then, that user will reply to Service Desk email channel with the same subject as the previous notification with intend to update/comment on the ticket. Since this user is not registered yet, Service Desk will process the email but did not do aything with it as the subject is the same and it is from an unregistered user email address.
Hence, it will be great if JIRA Service Desk Public Sign Up will cover those unregistered user that have an intend to comment on an existing ticket. Making the user does not need to access the portal and sign up just to do a simple comment, also it will automatically include the user as the participant of that request.
It could perhaps be good to add some sort of approve-mechanism, if an user wants to comment on an issue, but aren't allowed because the user user is not in request participant list. As if it is possible, it would make the customer to be added to the request which could lead to a security issues.
- details
-
JSDCLOUD-5065 Outdated Information on Request Participants page.
-
- Closed
-
- is duplicated by
-
-
- Closed
-
-
- Closed
-
- Closed
- is related to
-
-
- Closed
-
-
- Closed
-
- Closed
-
- Closed
- relates to
-
- Closed
-
- Closed
-
- Gathering Interest
-
DESK-4339 Loading...
-
- mentioned in
-
-
-
-
-
-
-
- was cloned as
-
[JSDSERVER-1699] Support Create User function even for Comment by Email
Thanks Matthew. I realise this is a difficult problem but hope you guys can come up with a solution 
Your issue is, as you say, a bit of a mixture of JSD-270 and JSD-2373.
The problem is that while we can detect that an issue is related by subject / headers, if someone currently is not either an agent, the reporter or a participant on the issue, then it is a security issue to add them.
We are currently investigating some possible solutions, but due to the security considerations, it might not prove to be simple or something that can be addressed in the near future. But we are aware of the issue.
Regards
Matt
JIRA Service Desk developer
This change will be a big help but I don't think it covers what is probably a bigger problem to us. Customers often email our service deskand copy their own distribution group. Service Desk can add the distribution group as a request participant but then when someone from within the distribution group replies it creates a new issue because that user isn't a request participant. What we really want is for the new email to be added to the existing issue (because it matches on the subject line) but that clearly raises some security questions.
Will this change help in that situation? Is this something you have considered or have logged somewhere else? We really need proper group support as discussed in JSD-270 but there will still be some customers who stick to email and I can see this problem staying. Not having a proper merge function makes dealing with these duplicates a real overhead.
The solution that has been implemented here, is as discussed above:
- For a public signup enabled service desk
- When processing the email for create / comment, it will check all TO / CC addresses and if they do not exist, new customers will be created and invited to the service desk, and added to the issue as Request Participants.
- In addition to this functionality through email, in the customer portal request details, if allowed by permissions, customers can also invite new users by entering their email address
- both of these are only with public signup, and the request security is configured to allow customers to manage participants
Regards
Matt
Hi roger.oberg
I have created a new Suggestion at JSD-2262 for providing a way to action unprocessed mail from within Service Desk.
Please feel free to add any additional details to that ticket.
Regards
Matt
Thanks.
In regards to the rejected email flow, currently those messages can be identified in the mail audit log, and the actual messages are preserved in the database. They will be deleted after 6 months from the database.
The ability for an agent to inspect the rejected email messages and action them, sounds like a separate concern. Would you be able to create a new suggestion for that?
Matt
I agree that in the case of mis-typing an Issue ID, you shouldn´t be added automatically as participant. However that doesn´t mean that email shouldn´t be processed as a ticket, it is still an email sent to the servicedesk which the user expects to get an answer to.
So in this case, I think either a new ticket should be created, or as I suggested before, some sort of approve mechanism where the agents can verify if it is in fact a valid comment request which should be added to an existing ticket or if it should treatad as a new ticket.
Thank you for your reply.
In regards to the scenario of mis-typing an Issue ID, I think there would be security implications, if I can send random email messages with different ID's, and then have access to other peoples tickets.
I believe that a participant should only be added if the email is from an existing participant, the reporter or an agent.
In regards to the notification, I would recommend also watching JSD-988 for updates, and adding any additional details to that issue.
Regards
Matt
For us these scenarios have occurred:
- the one we are discussing now, email is forward to another user which replys to the servicedesk.
- Another usecase was when we transfered a ticket from the original reporter (which is in fact another servicedesk-system) to the original user which had the problem. (i.e. we removed the servicedesk-system user and added another user). However due to some miscommunitication the servicedesk-system user sent another mail asking us the status of the ticket (by replying on the confirmation mail received before). But since we had removed that user from the ticket, the user was not auhtorized, and the mail was lost.
I guess also if you, by mistake or luck, type the same id as an existing ticket, that mail request would also be dropped...
In my opinion, If you have public signup enabled, there shouldn´t be a single scenario where you could discard an email coming to the service desk support!
If you don´t have public signup enabled, i think the rule should be that a mail sent from a registered user, never should be discarded. But mail from unregistered users could be dropped, or perhaps even better, a reply message sent that you don´t have access to send support tickets to this service desk....
I agree about the BCC, that they shouldn´t be included in the ticket.
In regards to this, I have just considered the case of BCC.
I assume that these users should not be added to the ticket as request participants, nor created as users, if do not already exist. As if this happens, everyone will now see them as a participant of the ticket, which might break the intention of including them as a hidden recipient of the message, initially.
Does this sound reasonable, or would expect that everyone, including BCC is included in the ticket?
Hi roger.oberg
If the mail has been sent from a valid reporter or participant of the issue, than the comment should be added.
I understand that a message might be lost if sent from a user that is not already either the reporter or a participant. Also if a service desk is not enabled for public signup, then a user must already be a customer of the service desk before sending an email to create a new ticket.
If there are some scenarios where messages are being lost, when they should not be, it would be greatly appreciated if you can provide some more details about those occurrences.
Regards
Matt
Hi!
I agree, if you can detect that from the mail that should be enough..
But please don´t throw away the other mail which doesn´t meet the above requirements (which is done today). In my opinion every mail sent to servicedesk whould either be treated as a new ticket, or added as a comment to an existing ticket.
//Roger
Hi,
Was thinking about this suggestion, specifically the last section about approve-mechanism.
If the email is received from the reporter, an existing request participant or an agent of the Service Desk, this seems like it should be enough to be considered approved to create the new user (if they don't exist in a public sign up enabled Service Desk) and add them as a participant?
Matt
JIRA Service Desk developer
You could also vote/follow the bug https://jira.atlassian.com/browse/JSD-1744 which handles parts from this suggestion.
which version of JIRA SD do we need to have this feature " When a unregistered user sent an email to Service Desk email channel, the email will be converted to a request and an invitation link will sent out to the sender to notify them."
I have JIRA v7.1.2, does not support for unregistered users.