How to disable access to the customer portal signup page when public signup is not enabled in Jira Service Management
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When public signup is disabled in a JSM instance, users don't see this option on the customer portal login page (<Jira_base_url>/servicedesk/customer/user/login?destination=portals).
However, users can still reach the signup page through the direct URL <Jira_base_url>/servicedesk/customer/user/signup. After they fill in the details and click "Sign Up", nothing happens: the signup restriction is working correctly and users cannot create an account. A HAR trace will show a "400 Bad request" error, which is expected.
If you are concerned that some users might access the signup URL directly and you don't want this page to be available at all, you can try the solution from this article.
Environment
Jira Service Management 4.x and above.
Solution
To block access to the signup page altogether, add the rule below to the file <jira-installation-directory>/atlassian-jira/WEB-INF/urlrewrite.xml. It returns an HTTP 403 error whenever someone calls the <Jira_base_url>/servicedesk/customer/user/signup page:
<rule>
    <from>(?s)/servicedesk/customer/user/signup</from>
    <condition type="session-attribute" name="seraph_defaultauthenticator_user" operator="notequal">.+</condition>
    <set type="status">403</set>
    <to>null</to>
</rule>
Restarting Jira is necessary for the changes to be applied.
When upgrading Jira, you will have to redo this modification. Also, if you're planning to enable public signup, the change has to be reverted.
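Because an upgrade discards the modification, a check that the rule is still in urlrewrite.xml is useful after each upgrade. The script below is an added example, not Atlassian code: the function name check_signup_rule, the script name and the sample documents are assumptions made for illustration, and it only inspects the file rather than testing the running instance.

```python
import sys
import xml.etree.ElementTree as ET

SIGNUP_PATH = "/servicedesk/customer/user/signup"
SESSION_ATTR = "seraph_defaultauthenticator_user"

def check_signup_rule(xml_text):
    """Return a list of problems; an empty list means the article's rule is present."""
    root = ET.fromstring(xml_text)
    rules = [r for r in root.iter("rule") if SIGNUP_PATH in (r.findtext("from") or "")]
    if not rules:
        return ["no <rule> whose <from> covers " + SIGNUP_PATH]
    problems = []
    for rule in rules:
        problems = []
        statuses = [(s.text or "").strip() for s in rule.findall("set")
                    if s.get("type") == "status"]
        if "403" not in statuses:
            problems.append("rule does not set status 403")
        has_condition = any(
            c.get("type") == "session-attribute" and c.get("name") == SESSION_ATTR
            and c.get("operator") == "notequal" for c in rule.findall("condition"))
        if not has_condition:
            problems.append("missing notequal condition on " + SESSION_ATTR)
        if not problems:
            return []  # at least one rule matches the article exactly
    return problems  # problems found in the last candidate rule

# Constructed sample inputs (not real Jira files): the rule from the article,
# a file where an upgrade dropped it, and a file where the status was altered.
RULE = """<rule>
  <from>(?s)/servicedesk/customer/user/signup</from>
  <condition type="session-attribute" name="seraph_defaultauthenticator_user" operator="notequal">.+</condition>
  <set type="status">403</set>
  <to>null</to>
</rule>"""
SAMPLE_PATCHED = "<urlrewrite>" + RULE + "</urlrewrite>"
SAMPLE_RESET = "<urlrewrite><rule><from>^/constructed/path$</from><to>/x</to></rule></urlrewrite>"
SAMPLE_ALTERED = SAMPLE_PATCHED.replace(">403<", ">200<")

if __name__ == "__main__":
    # Usage: python check_signup_rule.py <path to urlrewrite.xml>
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PATCHED
    found = check_signup_rule(text)
    print("OK: signup block rule present" if not found else "\n".join(found))
    sys.exit(1 if found else 0)
```

The non-zero exit code when the rule is missing or altered lets the check run as a post-upgrade step in a deployment script.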
Here is an example of what users will see when trying to access the signup page after the steps above: