I want to run an intranet and extranet in the same instance and make sure that external users can only see employees who they work with. At the same time the employees themselves should be able to continue working without visibility restrictions.
-
Edit the app configuration so that only global administrators, space administrators and extranet user administrators can access all user data.
-
Create a dummy extranet space.
-
Assign the groups that represent the internal users (employees) to this extranet space, e.g. “all-employees”, “internal-users” etc. Often, these users are from the connected LDAP (directory service), for example Active Directory (Microsoft). Space Privacy updates the group memberships, so that when users are removed from an assigned group, also lose the access to the corresponding extranet space.
As a result, all internal users still see each other and can use Confluence as usual.
- If you also want your employees to work with external users, add the relevant users or groups to the respective extranet spaces.
Only users that share one (or more) extranet spaces with external users, can be seen by them. This also applies to other external users (often locally managed) and internal employees of your company.
We already have a user story for a solution that does not require an extranet dummy in our backlog. However, we have not yet planned its implementation. Please contact us, if you are interested in sponsoring this development.
