Restrict login using a sql database containing usernames and passwords
Currently anyone can create a ticket
-
Thomas Bender commented
I would be great if this (restriction) works with one or more saml connections so we can implement this with all modern directories (for example asure ad and Google)
-
Rishabh Bitola commented
Its 2021, no updates from hesk. Sad. :(
-
Treblig commented
In a very old version of Hesk V2 (probably 2.6.7 or 2.6.8 ), I had implemented a forced login for all users.
As far as I can remember all changes to Hesk files are those indicated in the text file below (link).
Users had to be pre-registered in the Hesk users table by the Hesk admin, there is no register form only a login form.
Whether these changed are transferable to other Hesk V2 / V3 versions or not is left as an exercise to the brave as I have changed jobs & company and no longer use Hesk.Warning & disclaimer : I'm not a "true" PHP developer and accept no responsibility whatsoever to changes anyone makes to Hesk
See https://developers.phpjunkyard.com/viewtopic.php?f=14&t=6639&p=28605#p28605
Treblig
-
Enrico commented
This should be a MUST
-
Ramón commented
Its 2020 , nothing on this? , terrible, i dont know the reasons, but this would be great.
-
Wolftech.cl commented
Hello, as I said the friend two years ago, it's 2019 Is there any update about these features?
-
Elena Caramanico commented
it's 2017 is ther any update baout this features?
-
Victor Moya commented
A good start to keep with in the 2.x version would be the ability to only allow emails/IPs instead of the current feature with is to ban only emails and/or IPs. In my current organization I have to import all emails to the database to ban and then only allow (UN BAN) emails that can submit tickets. Like department heads, team leaders, supervisors, managers, etc.
I think having an option to only allow should be a somewhat simple code upgrade for the next update and I then still keep it with in 2.x and not completely overhaul in 3.x but then again I'm not a coder/PHP developer. I also made this request in MFH.
Hesk has been a life saver and MFH made it look great.
Thanks to all the team over at Hesk and MFH
Thanks for reading.
-
Anonymous commented
This is the best possible option which is needed for almost all purposes.
-
Treblig commented
Hi,
New to Hesk, we're planning to use Hesk for multiple "companies/organizations/entreprises/whatever_you_want_to_call_them" and we made a few changes to Hesk :
1. only registered users are allowed to submit/change tickets : users are pre-registered in Hesk using hesk users table.
2. "categories" become "organizations" and registered users of organization A can only submit and see tickets of organization A. One user = one organization (except Hesk "root", i.e me !)
Changes are not a "one size fits all" type, especially if you need categories.
I'm playing with PHP and won't call myself a developer so I have probably left security holes.If anyone wants my changes to Hesk, please drop me a private message with your email (I may not follow this site regularly)
-
Seb commented
would be easier with SSO access restriction by users or by groups
-
Anonymous commented
Holy cow still it has'nt been put in?! What the hell. It's a bot zoo out there. Dare to expose anything not protected is just asking for it.
MAKE IT HAPPEN YOU GUYS! FRIGEN BASIC USER AUTH, HOW HARD CAN IT BE?!
-
Anonymous commented
Very important because anybody can submit a ticket
-
Anonymous commented
+1 here. We want to open up the website outside the company so remote users/customers can log tickets without having to VPN to our network. If we expose it as it is now, we risk bots attacking the site and/or random people opening tickets. Some level of security is surely needed. I am not sure why this has never been addressed. Seems like a pretty basic need to me.
-
HESK was specifically designed NOT to use username/passwords.
This feature will most likely not be included in HESK 2.x, but is being considered as an OPTIONAL feature (turn on/off) for HESK 3.x
-
Anonymous commented
Yes I am Agree with this and it is Strongly recommended username and password otherwise anybody can submit a ticket
-
Anonymous commented
Yes I would have to agree this feature. Strongly recommended username and password
-
fxd commented
3+ here ... you know considering all great benefits which are mentioned by the others, the great benefit would be integration with other scripts like WHMCS.
By having user/password feature for each user , we would be able to sync user/passwords.
IMO this is the only weakness of HESK ... I hope Klemen takes care of it ASAP.
Thank you
-
Steve commented
Any update on this? Status is under review since March 16, 2012...
This will be a great add-on feature (which I think should come as a default).
-
Alcazar commented
It would be nice to have a user login like you have staff login. Otherwise create an email filter to ban certain emails and domains from creating tickets.