Set up Jira Service Management with Knowledge base

Owned by Steinar Line
Last updated: Oct 20, 2022
3 min read

Remember My Login

Jira and Jira Service Management dashboards and views frequently use XHR/REST calls to retrieve and update data. Unfortunately, the page logic generally doesn't handle session timeouts in a good way, with multiple screens that simply stop functioning and the only explanation to be found in the Browser's Javascript console.. Clicking menu items, links or buttons simply doesn't do anything, and the user has to manually refresh the page to trigger re-authentication to make things work again. 

If this is a problem for your users, you can mitigate it by enabling "Remember My Login" (RML) in Kantega Single Sign-on. This will make Jira remember all SSO users in the same way as if they had checked "Remember my login" during regular username and password authentication. Jira has a 5 hour session timeout by default. With RML enabled, users effectively stay logged in for two weeks by default, making session timeouts a far more rare occurrence. The caveat is that users now only need to check in with the IDP/SSO once every two weeks or so. You should consider if this is acceptable before deciding to enable RML for SSO. It may be a non-issue, but if your access control strategy relies heavily on the IDP allowing access at login-time, you probably do not want to enable RML for your SSO users.

 

Knowledge base

By integrating Jira Service Management and Confluence, the customer portal can automatically provide links to relevant knowledge base content in Confluence. This allows users to troubleshoot and potentially solve the issue on their own, or at least to further refine the ticket.  

This technical quide explains how to Link a Confluence space to your Jira Service Management.

Kantega Single Sign-on Enterprise supports logging in to Jira Service Management (JSM) both with Kerberos and SAML identity providers, and both support agents and customers can benefit from single sign-on. 

There are several ways to tune the behaviour of logins into JSM. If you, for instance, would like to have Kerberos only from your LAN, you can set up IP address restrictions. Also, if you have multiple SAML identity providers you can setup redirection rules for users based on their email domain, user directory associations and group memberships.

Knowledge base permissions

Setup of Confluence as a knowledge base is very easy if the documentation is public and does not require authentication. However, this it not the case for many organizations. It is a common scenario that knowledge base articles should be available through the customer portal/service management, but at the same time require authentication for users accessing this content in Confluence directly.

When you set up a Knowledge base you should set up this access in the JSM knowledge base configuration:

 

Then you get the default Jira Service Management-specific permission of anonymous access as shown below:

 

If you are using SAML based login in Kantega Single Sign-on, you must keep this default setting for your Knowledge base space. The reason why is that when JSM opens a Knowledge base article for viewing, this is done in an IFRAME. Most SAML identity providers do not permit sourcing the login UI through an iframe.

If you would like to require a login to the Knowledge base space when users are visiting directly in Confluence, this can be achieved by the Forced SSO URLs feature (found in menu under Common).