Introducing the login-free portal for Jira Service Management

The login-free portal allows your customers to fully enjoy your customer portal without having to create an account. When you enable this feature, your customers will be able to discover other available portals, read knowledge base articles, and raise requests without logging in.

This page is a guide on how to enable the login-free portal, what are the limitations of this feature and how to use it securely.

Enable the login-free portal globally for your instance

This feature is disabled by default and requires several steps to enable it. First, make sure you’ve set up and enabled outgoing mail.

To check this, go to Administration > System > Outgoing mail.

To allow login-free access for your whole instance:

1. Go to Administration > Applications.

2. Under Jira Service Management, select Configuration.

3. Under Public signup, for Can customers sign up for an account, and raise requests by email?, select Yes.

4. Under Login-free portal, for Can customers raise requests from the help center without logging in?, select Yes.

Enable the login-free portal for a project

Once you’ve enabled login-free access to your instance, you also need to enable it for a specific project.

To enable login-free access for your project:

1. Go to the project you want to allow login-free access for.

2. In the project settings, go to Customer permissions.

3. For Who can raise requests?, select Anyone can raise a request on the customer portal or by email.

When login-free access for a project is enabled, project admins will see the following banner and flag message:

How do customers sign up?

When your customers submit their first request through the customer portal, they’ll receive an additional email recommending them to sign up for an account. This email will include a link that they can use to set up their account and track all their requests.

Note that:

• the email contains a secure signup token, which must not be shared with others
• the token will automatically expire, after which the customer will need to reset their password to access their account
• the customer will also receive an email confirming the creation of their request

Request form fields support

Some fields in request forms aren’t supported with login-free access. If an unsupported field is required in a request form, the user without an account will be asked to create one or log in to continue. Note that custom and third-party fields will be displayed in case of login-free access.

Here’s a list of fields that are unavailable with login-free access:

• Security level

• Approvers

• Labels

• Request participants

• Component/s

• Fix version/s and Affects version/s

• Environment (system field)

• Assets (Insight)(custom fields)

Allow anonymous access to your knowledge base

To allow your customers access your knowledge base articles login-free, you may need to enable anonymous access on your linked Confluence space.

To do so:

1. Go to Project settings and select Knowledge base.

2. Under Anonymous access, ensure the viewing permission is set to All active users and customers can access the knowledge base without a Confluence license.

Ensure your Confluence space is set to anonymous access by following the space permissions link. You may also need to enable the global Confluence anonymous access.

To access global permissions in Confluence, go to Settings > General configuration > Global permissions.

If your Confluence space isn’t configured for anonymous access, you’ll see the following warning:

Security advice

For global admins

The global toggle for login-free portal will affect all projects that are currently open-access. We recommend communicating with these projects' respective admins to ensure they are aware of the potential changes.

For Jira Service Management project admins

Due to the nature of the login-free portal, we strongly recommend only using this feature with low-risk projects. It's not guaranteed that the request reporter’s email address belongs to the request sender on the initial request. However, they will need to have access to that email in order to reply, either through email reply or by signing up to use the customer portal.

It might be worthwhile setting up automation rules to remind your agents that:

• On issue creation, the email isn't guaranteed to belong to the help-seeker.

• On the customer’s first comment, it's safe to assume that the user has access to the email address, thus confirming their identity.

Set up an automation rule for login-free access safety

Admins can use Jira Service Management’s Automation for Jira, to add a comment to all requests created by help-seekers that aren’t logged in. The automation rule can be configured at a global level, if you want to add automation to all service projects using the login-free portal, or it can be configured per project.

Sample automation rule:

Name: Flag anonymous request

Description: Warns agents about potential spoofing or phishing on the customer portal. Comments on an issue when the reporter isn't logged into an account when sending a request.

When: Issue created

If: Issue matches JQL condition: request-channel-type = anonymousportal

Then: Add comment: “This issue was reported from the customer portal while the user wasn't signed into an account.”