Prepare Atlassian Jira connector
The Atlassian Jira connector retrieves information about subscriptions, users, and user activity.
To set up this connector, you must first retrieve the cloud ID for your Jira site. Then proceed with one of the following authentication options:
-
Authenticate using an API token with scopes (recommended): If you opt for this, select Token with scopes (Recommended) as the authentication method when you add the connector.
-
Authenticate with OAuth 2.0: If you opt for this, select OAuth as the authentication method when you add the connector.
The connector intentionally does not use Atlassian's organization-level Last login or Last seen data, because that information requires high-privilege organization admin APIs. Instead, it relies on the standard Jira Cloud REST v3 APIs with least-privilege scopes and additional discovery sources (such as the Flexera browser extension and other connected SaaS applications).
As a result, some users may appear with No activity in Flexera One SaaS Management when the browser extension is not installed or actively used. When the browser extension is in use, this status should generally not appear. It is also expected that activity timestamps may differ from what is displayed in the Jira Admin portal. This is because Flexera consolidates and normalizes activity signals from multiple sources, rather than relying on a single application’s native activity indicators. These differences are expected behavior and do not indicate a connector defect.
Prerequisites
The minimum requirements to connect to the Jira API are an Atlassian user account with the Jira System Administrator or Site Administrator permissions. These permissions will enable the connector to retrieve data on your Jira Software application.
Get the cloud ID for your Jira site
-
Enter the following URL into your browser, replacing YOUR-SITE with the name of your Jira website: https://YOUR-SITE.atlassian.net/_edge/tenant_info
-
Copy and save the cloud ID shown on the webpage.
Authenticate using an API token with scopes
Follow these steps to generate an API token with the scopes required for the Atlassian Jira connector.
-
Sign in to Atlassian and go to https://id.atlassian.com/manage-profile/security/api-tokens.
-
Select Create API token with scopes.
-
Enter a name for the token and the expiration date, and then select Next.
-
Select the Jira app and click Next.
-
Enable these scopes:
read:application-role:jira
read:audit-log:jira
read:avatar:jira
read:group:jira
read:license:jira
read:issue:jira
read:issue-meta:jira
read:field:jira
read:field-configuration:jira
read:issue-details:jira
read:user:jira
read:user.columns:jira
read:jql:jira
-
Select Next.
-
Review your changes, and then select Create token.
-
Copy and save the API token value.
Authenticate with OAuth 2.0
Follow these steps to configure an OAuth 2.0 integration with Atlassian Jira.
Initiate an OAuth 2.0 integration and select API scopes
-
Sign in to Atlassian Developer console: https://developer.atlassian.com/console/myapps/.
-
Select Create > OAuth 2.0 integration.
-
Enter a name for the integration, and then select Create.
-
On the sidebar menu, select Permissions.
-
For the Jira API, select Add, and then select Configure.
-
Select the Granular scopes tab.
-
Select Edit scopes, and enable the following 13 scopes:
read:application-role:jira
read:audit-log:jira
read:avatar:jira
read:group:jira
read:license:jira
read:issue:jira
read:issue-meta:jira
read:field:jira
read:field-configuration:jira
read:issue-details:jira
read:user:jira
read:user.columns:jira
read:jql:jira
-
Select Save.
Get the refresh token
If you plan to add multiple Jira connectors, you must retrieve a unique refresh token for each instance.
-
In the Atlassian Developer console, on the sidebar menu, select Authorization.
-
Select Add.
-
In the Callback URL field, enter http://localhost.
-
Select Save changes.
A Granular Jira API authorization URL will be generated.
-
Copy the Granular Jira API authorization URL. It will contain the following query parameters:
https://auth.atlassian.com/authorize?
audience=api.atlassian.com&
client_id=YOUR_CLIENT_ID&
scope=REQUESTED_SCOPE_ONE%20REQUESTED_SCOPE_TWO&
redirect_uri=https://YOUR_APP_CALLBACK_URL&
state=YOUR_USER_BOUND_VALUE&
response_type=code&
prompt=consent
-
Replace the parameters in the URL with the values below:
Parameter: scope=
Value: offline_access%20read%3Aapplication-role%3Ajira%20read%3Aaudit-log%3Ajira%20read%3Aavatar%3Ajira%20read%3Agroup%3Ajira%20read%3Alicense%3Ajira%20read%3Aissue%3Ajira%20read%3Aissue-meta%3Ajira%20read%3Afield%3Ajira%20read%3Afield-configuration%3Ajira%20read%3Aissue-details%3Ajira%20read%3Auser%3Ajira%20read%3Auser.columns%3Ajira%20read%3Ajql%3Ajira
Parameter: state=
Value: Enter a unique and unguessable string. The state parameter is a security feature that mitigates the risk of the authorization flow being hijacked. For more information, see What is the state parameter used for?.
-
Enter the constructed URL in your browser.
You will be redirected to an Atlassian webpage requesting authorization.
-
Select Accept.
You will be redirected to your Callback URL. This URL will contain the code parameter.
-
Copy and save the value of the code parameter.
-
Run the following command in a command line. Use the cURL tool and replace the data parameters with the values listed in the table below.
Tip: You can also generate the refresh token using Postman, instead of the cURL tool. Every value that is inserted into the URL must be properly encoded.
curl --request POST \
--url 'https://auth.atlassian.com/oauth/token' \
--header 'Content-Type: application/json' \
--data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'
Parameter: YOUR_CLIENT_ID
Value: Your client ID. To find your client ID, follow the instructions in Get the client ID and client secret.
Parameter: YOUR_CLIENT_SECRET
Value: Your client secret. To find your client secret, follow the instructions in Get the client ID and client secret.
Parameter: YOUR_AUTHORIZATION_CODE
Value: The value of the code parameter you saved in step 9.
Parameter: https://YOUR_APP_CALLBACK_URL
Value: localhost or whichever Callback URL you entered in step 3.
The request will return the following:
HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token": <string>,
"expires_in": <expiry time of access_token in seconds>,
"token_type": "Bearer",
"refresh_token": <string>,
"scope": "read:issue-details:jira read:user.columns:jira read:user:jira read:application-role:jira read:avatar:jira read:issue-meta:jira offline_access read:audit-log:jira read:field-configuration:jira read:license:jira"
}
-
Copy and save the refresh_token value.
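The authorization steps above can be scripted so that the scope string is encoded consistently and the state value is actually checked when the callback arrives. This is an added example, not Flexera or Atlassian code; the function names and the sample client ID are hypothetical, and the scope list is the one given on this page plus offline_access.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://auth.atlassian.com/authorize"

# offline_access plus the 13 granular Jira scopes listed on this page.
SCOPES = (
    "offline_access",
    "read:application-role:jira", "read:audit-log:jira", "read:avatar:jira",
    "read:group:jira", "read:license:jira", "read:issue:jira",
    "read:issue-meta:jira", "read:field:jira", "read:field-configuration:jira",
    "read:issue-details:jira", "read:user:jira", "read:user.columns:jira",
    "read:jql:jira",
)


def new_state() -> str:
    """Return an unguessable state value (256 bits from the OS CSPRNG)."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id: str, redirect_uri: str, state: str) -> str:
    """Assemble the authorization URL with every value percent-encoded."""
    params = {
        "audience": "api.atlassian.com",
        "client_id": client_id,
        "scope": " ".join(SCOPES),
        "redirect_uri": redirect_uri,
        "state": state,
        "response_type": "code",
        "prompt": "consent",
    }
    # quote_via=quote encodes spaces as %20 and ':' as %3A, as on this page.
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def extract_code(callback_url: str, expected_state: str) -> str:
    """Return the code from the callback URL, rejecting a wrong state."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:  # standard OAuth 2.0 error response
        raise ValueError("authorization failed: " + query["error"][0])
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]
```

Generate a fresh state for each connector instance, and keep the client secret and the resulting refresh token out of shell history and shared logs.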
Get the client ID and client secret
-
In the Atlassian Developer console, go to Settings.
-
Copy and save the Client ID and Client secret values.
Add Jira connector
-
You must set up individual instances for your Jira and Confluence connectors. Atlassian's policy prohibits adding both Jira and Confluence connectors to a single application in Flexera One SaaS Management.
-
If you plan to add multiple Jira connectors, use the unique name of your Jira website as the connector name in Settings to help differentiate between instances. The connector name displays in the Discovery source column on the SaaS pages.
After completing these tasks, follow the general procedure to Add connectors. When adding the connector, you are prompted to select an Authentication method; choose the one that matches the option you set up. Select Token with scopes (Recommended) if you followed the instructions to Authenticate using an API token with scopes; select OAuth if you followed the instructions to Authenticate with OAuth 2.0.
The connector makes API calls to the vendor and retrieves data. For more information, see API calls and Data retrieved by the connector.