
What security techniques are available for isolating customers to the help center only?

Stephen O. Haruna March 6, 2020

We are planning on using JSD as an incident response tool and would want incident reporters to use the customer portal as the primary means of reporting incidents. Is the "Service Desk Customer - Portal Access security type – permission scheme" that prevents customers from having access to the Jira side of Jira Service Desk enough? Are there other defense-in-depth techniques available?

2 answers

0 votes
Ismael Jimoh
March 7, 2020

Hi @Stephen O. Haruna 

The question is are the users able to access JIRA at all?

By default, if a user has access to JIRA due to having a license, there is no way to force them to the customer portal. In this case, your users will have to be instructed to go to the customer portal.

If the users are externals who have no JIRA license, then they will always be directed to your customer portal when they attempt to log in. (You can make sure no one can create an account in your JIRA instance by restricting public sign-up.)

Read up about what JIRA service desk considers as customers and other roles here.

Let me know if you have any other specific questions and I will try to respond to them.

Cheers.

Stephen O. Haruna March 7, 2020

Great response! See my clarifying response - 

We are integrating service desk to an existing Jira instance. The goal is to create two service desks - one with external customers with no access to Jira and the other service desk for employees with access to the existing Jira software instance. 

We do not want external customers to have access to the employee (internal) service desk. They should only have access to the external service desk help portal.

My question - 

Restricting public sign-up means only added customers are allowed to access a service desk after authentication. One of my use cases would want anyone to raise requests for the external customer service desk. I guess this means allowing public sign-ups? How do I ensure there's no security hole in my configuration by allowing external customers to create accounts on my Jira site? I want to isolate my Jira internals from the external customers and relegate these customers to only the external service desk portal.

Ismael Jimoh
March 9, 2020

Hi @Stephen O. Haruna 

> We do not want external customers to have access to the employee (internal) service desk. They should only have access to the external service desk help portal.

In this case, you can hide the request type from the customer portal. An alternative to this is a second SD project for your internal team and you then edit the permission of the project to people added only in the project settings page.

With regard to your question on public sign-on, I do not know if you are referring to the JSD public sign-on or JIRA's public sign-on. You can restrict customer public sign-on by doing the following:

  1. Go to https://<yourdomain>.atlassian.net/secure/admin/SDConfiguration.jspa
  2. Under Customer permission, allow them to create accounts by Sign-up or sending in Emails.
  3. If you want to allow anonymous users to create tickets without login, then tick yes in the next option. See the image below:
    [Image: Screenshot 2020-03-09 at 10.01.03.png]

Doing this only provides access to CS portal. You can further restrict what portals users can access by:

  1. Go to https://<your-domain>.atlassian.net/servicedesk/admin/<project-key>/customer-permissions page
  2. In the option "Who can Access the Portal and Send request", select the option "Customers my team adds to the project" (this is usually the default). This can be used to lock customers out of your internal Service Desk. (See also my comment about hiding request types.)
    1. You will want to select the other option for the external service desk.

Now for the elephant in the room, preventing internal employees from creating issues in the external portal.

To be blunt, this is not possible, simply because to make the external service desk public, we open it to all customers in your JIRA instance (this includes employees). Hence they can raise tickets there as well. Just communicate correctly where they should raise their tickets to reduce this risk.

With all the above, your externals should not be able to see internal projects or even the internal service desk.

I will suggest creating a test customer account to test this out before rolling this out live.

Cheers.
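
One way to carry out the test-account check suggested above, as an added example that is not part of the original answer: record the responses a session logged in as the test customer receives from three Jira REST paths, then audit them for anything beyond the external service desk. The project keys `EXT`, `INT` and `DEV`, the sample captures, and the response shapes are assumptions to verify against your own instance.

```python
# Added example: audit what a test customer session can see.
# Response shapes are assumptions modelled on Jira's REST API; verify on your instance.

def audit_customer_visibility(captured, allowed_desk_keys):
    """captured maps endpoint path -> (HTTP status, parsed JSON body or None).
    Returns a list of findings; an empty list means isolation held."""
    findings = []

    # 1. Service desks visible to the customer: only the external one is expected.
    status, body = captured.get("/rest/servicedeskapi/servicedesk", (None, None))
    if status == 200:
        for desk in (body or {}).get("values", []):
            key = desk.get("projectKey")
            if key not in allowed_desk_keys:
                findings.append(f"customer can see service desk {key}")
    elif status is None:
        findings.append("service desk listing was not captured")

    # 2. Jira project list: a portal-only customer should get nothing back.
    status, body = captured.get("/rest/api/2/project", (None, None))
    if status == 200:
        for project in body or []:
            findings.append(f"customer can browse Jira project {project.get('key')}")
    elif status is None:
        findings.append("project listing was not captured")

    # 3. Issue search: any returned issue means the Jira side is reachable.
    status, body = captured.get("/rest/api/2/search", (None, None))
    if status == 200 and (body or {}).get("total", 0) > 0:
        findings.append(f"customer can search {body['total']} Jira issue(s)")
    return findings

# Constructed sample captures (hypothetical project keys, not from a real instance).
ISOLATED = {
    "/rest/servicedeskapi/servicedesk": (200, {"values": [{"projectKey": "EXT"}]}),
    "/rest/api/2/project": (200, []),
    "/rest/api/2/search": (403, None),
}
LEAKY = {
    "/rest/servicedeskapi/servicedesk":
        (200, {"values": [{"projectKey": "EXT"}, {"projectKey": "INT"}]}),
    "/rest/api/2/project": (200, [{"key": "DEV"}]),
    "/rest/api/2/search": (200, {"total": 12, "issues": []}),
}

if __name__ == "__main__":
    for name, capture in (("isolated", ISOLATED), ("leaky", LEAKY)):
        print(name, audit_customer_visibility(capture, {"EXT"}) or "no findings")
```

Re-running the audit after every permission-scheme or customer-permission change catches a regression before a real customer does.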

0 votes
Victor Mutambuki
March 6, 2020

Stephen,

See the topic on organizations

Victor
