Just a heads up: On March 24, 2025, starting at 4:30pm CDT / 19:30 UTC, the site will be undergoing scheduled maintenance for a few hours. During this time, the site might be unavailable for a short while. Thanks for your patience.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

External access to Confluence page, security

Maurice van Eijk
Maurice van Eijk May 2, 2019

Dear Atlassian,

 

I am currently exploring the potential of Jira/Confluence for the company I work for. 

My company is an accountancy firm that requires clients to send in sensitive documents.

This means that we want to give (external) clients access to a safe environment in which they can drop their information (possibly via Multi-Factor Authorisation). The demo on Confluence on youtube claimed that folders can be made public, but will then be indexed by google and will be publicly accessible by anyone, this, of course, would be a major security hazard for our company and our clients.

Is it possible to create safe folders in which clients can drop their documents, possibly via an anonymous invitation link, or by adding them into the system as users? (would the latter count towards the Confluence/Jira license user count?)

I am asking the above in regards to both general IT-security and privacy, but also with regards to the EU GDPR, and accountancy compliance regulations.

 

Thank you for your time,

 

With kind regards,

 

Maurice

Answer
Watch
Like Andy - PTC Redundant likes this
666 views

2 answers

2 accepted

1 vote
Answer accepted
Gillian Rourke
Gillian Rourke May 2, 2019

I would also consider if clients would be allowed access to each others' pages/documents. 

In our firm (global accounting firm) we maintain secure and separate instances of Confluence/Jira and tightly control both internal and external access when the spaces or projects need to be client accessible.  We also have internal-only instances, again the access to which is tightly controlled.  One of our golden rules is one client per external instance, meaning any accidental cross-contamination is impossible.

Let me know if you want to discuss in more detail.

View More Comments
Deleted user August 12, 2019

Thanks, Gillian. Does having separate external instances of Confluence per client increase your subscription cost? I'm wondering, as I'm building a view-only product documentation site(s) and only need to limit it for our customers versus the entire world (i.e., only our customers would read the product docs). Not sure how that compares to what you do.

Thanks, Gigi

Like
Gillian Rourke
Gillian Rourke August 14, 2019

I believe there is additional cost, but I think it's more to do with hosting an additional server.  Not sure though, as I'm not fully involved in that aspect of our use of Atlassian tools.

Like
Reply
1 vote
Answer accepted
Petr Vaníček
Petr Vaníček
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 2, 2019

Hi,

I could recommend to you look at those documentation pages.

https://confluence.atlassian.com/doc/space-permissions-overview-139521.html

https://confluence.atlassian.com/doc/page-restrictions-139414.html

You can set many variants of permission configurations based on your use case and what do you need.

Your "folders" are Spaces in Confluence terminology as what I expect. So for example you can use it with Space per customer/company or (what is maybe better, but you must be little bit more beware with configuration) you can use one Space for all customers/companies where based on tree structure you can restrict view/edit to any branch of tree to group of people from your customer. That's just idea and common use-case.

Regarding license - yes, it will count in your license user tier as it's non-public instance.

Hope it helps you and if you will have any question just let me know.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events