Currently Jira sits on the corporate LAN behind the firewall. Internal users access it via the corporate LAN, but can also access it outside the office using VPN. Moreover, the base URL "http://jira-xx:8080" only works when you are logged on to the corporate LAN.
Now we are adding Service Desk for external customers. We have had to change the Jira base URL to one which anyone on the internet can use (https://...) because it has to be the same as the Service Desk URL (surely this is a defect in the design of Service Desk?). As a result, anyone on the internet can get to our Jira's login page. They still need to have a valid login and password to get in the normal route, but the mere fact that they can get to the login page is a security risk since Service Desk and Jira are so closely connected.
Has anyone had this problem and is aware of a resolution?
For example, can we separate Service Desk (with or without its own Jira project) from Jira, place it in a DMZ and connect it with Jira via the firewall, thereby keeping Jira inside the corporate LAN?
Adam
Hi Adam,
I think what you propose is a reasonable solution. We do this ourselves: we have a public-facing Jira Service Desk and an internal Jira for the development team.
The challenge is to keep them connected - we currently rely on the support team creating remote issue links between support and development tickets and the development team updating the support tickets when a related issue fix has been delivered (so the support team can contact the original ticket reporter).
Nothing ground-breaking, sorry :)
Igor
Thanks Igor.
At the moment Atlassian have no inclination to resolve this security risk, even though it may push potential customers for Service Desk to other vendors (e.g. there is a connector between Salesforce and Jira that synchronises the two at the push of a button).
I wonder if the issue collector functionality in Jira can be pointed at a Service Desk!