Uploaded image for project: 'Alfresco One Platform'
  1. Alfresco One Platform
  2. ACE-5181

Cloud: Restrict/control access to Alfresco Cloud network



      The original requirement has been superseded by changes made to Alfresco Cloud which essentially prevent users signing up themselves; however there is one exception:

      When a customer has an account and a user who is not currently a user initiates a password reset they are sent an email which contains a link to create an account.

      Steps to reproduce:

      1. https://my.alfresco.com/share/
      2. Click Forgot password?
      3. Enter an email address that is not currently a user of Cloud (note the @domain.com must be a registered network!).
      4. Receive an email

      Result: the email address is sent a link which enables them to create themselves on their organisations Cloud account outside of any administrator control.

      Expected result: users should not be able to create themselves accounts on customer networks via the forgotten password 'back door'.

      Please can we remove the Sign Up link from this email:

      And insert this replacement text: Either contact your administrator to be added as a user or Log In With A Different Email.

      Original requirements, replaced by the above:
      The automatic assignment of an user who signs up with an email address of the same network domain causes trouble for some customer.
      Feature to restrict/control access to a Alfresco Cloud network on per user basis is requested, i.e an approval process to grant access
      could be a solution.

      [Steps to reproduce]:
      No steps to produce. Use case - scenario:

      1.) Customer has about 340 000 Employee across 30 countries. Each country is an independent organisation.
      If for example the Belgium branch subscribes to Alfresco Cloud only employees of that particular branch should get access to the service.

      2.) Actually and as per the case description:
      Network admin observes an abuse of the service. Employees from other branches across the world had already an account in their Alfresco Cloud network and have been added automatically to. In fact, they shouldn't be added because customer has just signed up for 10 accounts and dedicated them to the Belgium branch.

      [Expected Behaviour]:
      Approval process

      [Observed Behaviour]:
      User with an email address of the same network domain

      [Analysis to date]:
      Ways to solve this at the Admin level of a network - I can think of:
      1) Set up a workflow to request validation from the Admin for each user
      2) Set a network as "Restricted" in order to let the Administrator choose who should join this (This one could be great but would require more development)
      3) Be able to disable an account
      4) Be able to set a user as external user even if he has an email within the company


          Issue Links




                • Assignee:
                  closedbugs Closed Bugs
                  nkisa Nebil Kisa
                • Votes:
                  7 Vote for this issue
                  7 Start watching this issue


                  • Created:

                    Time Tracking

                    Original Estimate - Not Specified
                    Not Specified
                    Remaining Estimate - 0 minutes
                    Time Spent - 1 day, 7 hours, 55 minutes
                    1d 7h 55m

                      Structure Helper Panel