Configuring IdentityIQ to Integrate with Atlassian Cloud Jira Service Management

This section provides the required information for configuring IdentityIQ to integrate with Atlassian Cloud Jira Service Management.

This is intended as an introduction to the configuration required to integrate IdentityIQ with Atlassian Cloud Jira Service Management. It outlines some examples that must be used as a reference point for implementation. Some changes may be required to meet specific use case and expertise around both systems are a must for the successful implementations.

SailPoint provides a default Atlassian Cloud Jira Service Management configuration. This configuration implements the integration between IdentityIQ and the Atlassian Cloud Jira Service Management to fulfill (fulfillment of the ticket is done manually) creation of tickets based on IdentityIQ access certification remediation events.

The default configuration is located in the following directory, where iiqHome is the location where IdentityIQ was installed:

iiqHome/WEB-INF/config/connector/IdentityIQforAtlassianCloudJiraServiceDesk.xml

Once the following configuration information is populated then import the IdentityIQforAtlassianCloudJiraServiceDesk.xml file. This would create an application.

The configuration must include the following entries:

ticketType

Enter one of the following ticket type to generate ticket on Service Desk system:

serviceRequest
incident
changeRequest

Applicable if authenticationType is selected as Basic

Applicable if authenticationType is selected as OAuth2

Application Configuration XML would have all configurations for Service Request, Incident and Change Module. Depending on the type of selection for ticketType, respective configuration would be executed by connector for the request processing.

Each module would have provision and checkStatus entries as mentioned below:

Provision:

Entries	Description
resource	Ticket creation rest endpoint. Do not provide the base url in the value. Base url would be appended to this endpoint value. Provide only remaining endpoint URL. Atlassian Cloud Jira Service: /rest/servicedeskapi/request
responseElement*	The value is JSON path expression which provides information about where to find ticket number in the response from rest endpoint. For example, issueKey
request*	Map that represents the request payload, which has velocity template expression and velocity variables that would be dynamically updated by integration before making rest call.
serviceDeskId*	ID of the Service Desk in Jira Service Desk. To obtain the Service Desk Id, execute the following request from POSTMAN with valid credentials: https://demo.atlassian.net/rest/servicedeskapi/servicedesk Use the id field from response and add it in application xml.
requestTypeId*	ID for each request type. For example, Service Request: 10002 Incident: 10004 Change Request: 10003 To obtain the requestTypeId, execute the following request from POSTMAN with valid credentials: https://demo.atlassian.net/rest/servicedeskapi/servicedesk/{serviceDeskId}/requesttype Use the value of the id which is obtained from response. Ensure that the requestTypeId belongs to the same project which would be used. Verify the serviceDeskId for the same.
raiseOnBehalfOf*	The value represents the name of the reporter.
requestFieldValues*	The map of request filed values containing description and summary.
description*	The main body of the request in Jira Service Desk, which includes the details about the request.
summary*	Title / Summary of the request in Jira Service Desk.
Customfield only used for changeRequest	To obtain the value for customfield, in change request use the following rest api: GET /rest/servicedeskapi/servicedesk/{serviceDeskId}/requesttype/{requestTypeId}/field If customfield is not mandatory for changeRequest in your project, then delete the entry key from `IdentityIQForAtlassianCloudJiraServiceDesk.xml` and generate the ticket: Copy `<entry key="customfield_10033"> <value> <Map> <entry key="value" value="Normal" /> </Map> </value> </entry>`

Check Status:

Entries	Description
resource	Ticket creation rest endpoint. Do not provide the base url in the value. Base url would be appended to this endpoint value. Provide only remaining endpoint URL. Atlassian Cloud Jira Service Management: /rest/servicedeskapi/request/$ticketId
responseElement*	The value is JSON path expression which provides information about where to find ticket number in the response from rest endpoint. For example, currentStatus.status
statusMap	Map that relates Ticket System status to IdentityIQ status.

If any changes required in the mapping, change the default value/key values in statusMap as mentioned in the following tables:

statusMap for Service Request

Entry key (Atlassian Cloud Jira Service)	Value (IdentityIQ)
Completed	Committed
Canceled	Failed
Blocked	Queued
Waiting for support	Queued
Waiting for customer	Queued
Escalated	Queued
In Progress	Queued
Pending	Queued
Closed	Committed
Resolved	Committed

statusMap for Incident

Entry key (Atlassian Cloud Jira Service)	Values (IdentityIQ)
Resolved	Committed
Closed	Committed
Canceled	Failed
Work In Progress	Queued
Open	Queued
Blocked	Queued
Pending	Queued
Completed	Committed

statusMap for Change Request

Entry key (Atlassian Cloud Jira Service)	Value (IdentityIQ)
Completed	Committed
Blocked	Queued
Planning	Queued
Review	Queued
Implementing	Queued
Waiting for support	Queued
Triage	Queued
Canceled	Failed
Declined	Failed
Peer review/change manager approval	Queued
Resolved	Committed
Closed	Committed
Pending	Queued
Awaiting CAB approval	Queued
Awaiting Implementation	Queued

Retryable Mechanism

For availing the advantage of some of the logic around retryable situations, add the retryable error messages list to the attributes map on an application. The retryableErrors entry is a list of strings through which the connector searches when it receives a message from the managed application. If one of the strings in the entry exists in the error, the connector attempts to retry the connection. When the configured error string is not a part of the error message returned from the connector, then IdentityIQ would not attempt a retry.

For example:

Copy

<entry key="retryableErrors"> 
    <value> 
      <List> 
        <String>Connection reset</String> 
      </List> 
    </value>
</entry>

Enter the following command to enable log4j2 logging on Service Desk component:

logger.JiraSDIM.name=openconnector.connector.servicedesk.ServiceDeskConnector
logger.JiraSDIM.level=info

Managed Resources

You can manage the IdentityIQ applications through the Atlassian Cloud Jira Service Management. To manage the applications, you need to add them individually as a ManagedResource under the ProvisioningConfig tag provided in the IdentityIQforAtlassianCloudJiraServiceDesk.xml file.

For example, to add three applications such as Procurement_System, HR_System, and Finance_System, add them individually as a ManagedResource as shown below:

</ApplicationRef>

</ManagedResource>

</ApplicationRef>

</ManagedResource>

</ApplicationRef>

</ManagedResource>

......................

</PlanInitializerScript>

</ProvisioningConfig>

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.

Configuring IdentityIQ to Integrate with Atlassian Cloud Jira Service Management

Applicable if authenticationType is selected as Basic

Applicable if authenticationType is selected as OAuth2

Provision:

Check Status:

statusMap for Service Request

statusMap for Incident

statusMap for Change Request

Retryable Mechanism

Managed Resources

Documentation Feedback