- 28 Nov 2023
- 6 Minutes to read
Atlassian (Formerly Atlassian Jira Software)
- Updated on 28 Nov 2023
- 6 Minutes to read
Atlassian (formerly Atlassian Jira Software) is a work management tool for various use cases, from requirements and test case management to agile software development.
This adapter lets you fetch data and get visibility and security across all Atlassian accounts and products at your company, including the users managed under the following cloud products:
- Jira Software
- Jira Work Management
- Jira Service Management
|Attributes||Cybersecurity Asset Management||SaaS Management|
|Service Account Required?||Yes||Yes|
|Service Account Permissions||Administrator||Administrator|
|API Key Required||Yes||Yes|
|Required Adapter Fields||Jira Domain, Username, API Token, Jira API Version||Jira Domain, Username and Password, API Token, Jira API Version, Atlassian Admin API - Organization ID, Atlassian Admin API - API key, 2FA Secret Key|
Types of Assets Fetched
This adapter fetches the following types of assets:
- SaaS data
The parameters that you need to fill out will differ based on the capabilities in your Axonius platform. 'General' pertains to users with Cybersecurity Asset Management and/or SaaS Management capabilities.
Jira Domain (required) - The hostname or IP address of the Jira Software server.
User Name (required)* - The username for a user account that has the Required Permissions to fetch assets.
API Token (required) - An API Token associated with a user account that has the Required Permissions to fetch assets. Note: The API Token is not the same as the Admin Key.
Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
Jira API Version (required, default: V3) - Select your Jira API version.
To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
- Password - The password for the Atlassian user account. Needed for fetching Settings from Atlassian.
- Atlassian Admin API - Organization ID and Atlassian Admin API - API key - The organization ID and an organization API key generated for fetching SaaS data. Needed for fetching organizational data.
- 2FA Secret Key - If you access Atlassian through an SSO solution that requires two-factor authentication, and you want to fetch Settings from Atlassian, you will need to generate a secret key in that solution and paste it here. See instructions for performing this action in Okta.
- Connection Label - A label to help distinguish between multiple connections for the Atlassian adapter.
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters
- Do not fetch disabled users (required, default: false) - Select whether to exclude fetching disabled users.
- Distinguish User ID From Different Domains - When selected, the Atlassian domain is appended to the ID of each user, to allow Axonius to fetch the same users from multiple sites without overriding the data.
- Fetch projects and project roles - Select this option to fetch projects and project roles.
- Fetch groups - Select whether to fetch users groups details.
- Fetch permissions - Select to fetch permissions configured for the Atlassian accounts in your organization.
- Fetch settings - Select to fetch settings configured for the Atlassian accounts in your organization.
- Filter users without site access - Select to exclude users who cannot access the Atlassian site.
- Number of parallel requests - Specify the maximum parallel request this adapter will create when connecting the Atlassian server.
- This setting lets you control the performance of this adapter.
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Axonius uses the Jira Cloud platform REST API*.
The value supplied in User Name must have Jira 'global' permissions to fetch assets. For permissions required for fetching Saas data, see the Create a User Account and Create an Organization API Key sections.
Set Up the Adapter
To successfully connect this adapter, you need to complete the following steps.
Accounts with only Cybersecurity Asset Management:
Accounts with SaaS Management Capabilities:
Create a User Account
Note: While to access SaaS data you need to grant roles and/or permissions that include write capabilities, the adapter only actually reads data from the application.
- This step is only needed for fetching SaaS data.
- If single-sign-on is enabled, then it is recommended to derive the username and password from a user account maintained by the single-sign-on solution.
You must have the Jira Administrator or Jira System Administrator global permission to be able to manage users in Jira applications.
To create a new user, from the Atlassian Administration:
- Go to Administration > User Management.
- In the User browser, select Create User.
- Enter the Username, Password, Full Name, and Email address.
- The password length should be at least 32 characters.
- The user account needs to have MFA disabled.
- Select all Jira applications.
- Select Create.
- To fetch data from the Atlassian Access, the created account must be an admin:
- Go to Settings > Administrators.
- Click Add administrators.
- Enter the created Atlassian account email address and click Grant access.
- If the created account has not been set as an admin, to fetch data from Jira, edit that user and add them to groups that provide the following permissions:
- Administer Jira global permission
- Browse users and groups global permission
- Administer projects project permission (for all projects)
- If the created account has not been set as an admin, to fetch data from Confluence, edit that user and add them to groups that provide the following permissions:
- Permission to access the Confluence site ('Can use' global permission).
- 'View' permission for all spaces.
Create an Organization API Key
Note: While to access SaaS data you need to grant roles and/or permissions that include write capabilities, the adapter only actually reads data from the application..
This step is only needed for retrieving SaaS data.
- Login to admin.atlassian.com with the created Atlassian account. Select your organization if you have more than one.
- Select Settings > API keys.
- Select Create API key in the top right.
- Enter a name that you’ll remember to identify the API key.
- Set the latest date possible for the key expiration date. You will be unable to select a date longer than a year from the date of creation.
- Select Create to save the API key.
- Copy the generated Organization ID and API key.
- Select Done. The key will appear in your list of API keys.
- In Axonius, paste the copied values in the Atlassian Admin API - API Key and Atlassian Admin API - Organization ID fields.
Create an API token
- Login to admin.atlassian.com with the created Atlassian account, and generate an API token, using the following URL: https://id.atlassian.com/manage/api-tokens#
- To generate an API Token, click on Create API token
- Choose a label that is short, memorable, and easy to remember, and click Create.
- Copy the generated API token.
- In Axonius, paste the copied token in the API Token field.
This adapter has only been tested with the versions marked as supported, but may work with other versions. Please contact Axonius Support if you have a version that is not listed and it is not functioning as expected.