Hi @Robert DaSilva , 

I've tested variations of this with no success. 

Following your instructions I've added a new user to the JSM customers group. Adding the same user to Confluence product access only seems possible if they were to also consume a license which we can't allow. 

Let me know if I'm missing something but in Confluence, I only see the options for User (license), Guest (limited to one Confluence Space and meant for external users), Product Admin (obvious no go), and User Access admin (also not happening). I don't see an option for Confluence Customer which seems like it would solve the issue if it existed.  Is there a way to create roles for Confluence?

I've reached out to support as well and they could not solve but hoping there was some workaround that others have found.  Here is the feature request that the agent created. The title should be corrected to internal JSM Customers.  

[JSDCLOUD-14840] Ability for external JSM Customers to access Confluence Knowledge base pages - Create and track feature requests for Atlassian products.

Hey @Cosmo Denger ,

Ah, so that's correct. If the Space you need people to access is the Knowledge Base feature, that should not require a Confluence license. 

In addition to adding the new user to the Service Management Customer group, you also need to make sure that group is configured in your project itself. 

With all that said, based on the Atlassian Support team creating a bug for this request, the behaviour you are experiencing is either intended functionality or, in fact, a bug.

I would first double-check the Project settings to ensure the users or groups are added there specifically as Customers, but otherwise, we may need to wait for Atlassian to address that bug report.

We did review all the project settings with support, and they found nothing wrong. I just double checked the project settings, and the new test user is also a Customer there. 

It feels like this behavior is Atlassian's way of verifying the user is indeed a customer first before granting access to Confluence.  It's just so clunky because the user is presented with a "Join Confluence" button when they first sign in which prompts a license request to admins.  

You are right, I think this just needs a Confluence role added of "Customer" which grants JSM portal only customers access to Confluence.  

That tracks, I would assume viewing the JSM portal as a customer plants a cookie in the user's browser, which Confluence then uses for verification they can view the content in the Knowledge Base space.

The only other "workaround" would be to grant user licenses to all users, but if you're not actively using Confluence outside of this one project / space, then that can get costly pretty quickly.

One other thought, although this would require a Premium tier subscription, is both whitelisting internal IP addresses for access to Jira and Confluence, and then making the Confluence space Anonymously accessible. This would likely bypass the JSM requirement and let anyone on the internet view the space, but the IP restriction would limit that back down to internal only.

Here's Atlassian's documentation on this feature: https://support.atlassian.com/security-and-access-policies/docs/specify-ip-addresses-for-product-access/

That's an interesting idea, although I don't think it will work for us because we support multiple locations and travelling employees.  I appreciate the idea though!

And yes, everyone having a Confluence license is currently too costly.