Jira - Cloud
Navigation Path
Management → Accounts & Integrations → Add New Account (top right) → Atlassian → Scoped API Token - Jira
Overview
Connect SailPoint Entro to Jira Cloud using an Atlassian scoped API token so you grant only the access you choose. We use those scopes to scan issues, comments, and attachments (and optionally create issues), while Jira project permissions continue to control what we can read/write. The connection uses your Cloud ID and can be paired with webhooks for near real-time detection.
Installation & Configuration
-
Get Company's Jira Domain
-
Login to your company's Atlassian Jira.
-
Get the domain with the format:
https://<yourCompany>.atlassian.net -
Copy the domain and save for later.
-
-
Get Your Jira Cloud ID
-
While logged in to Jira, go to this URL:
https://<yourCompany>.atlassian.net/_edge/tenant_info -
The JSON presented includes the Cloud ID.
-
Copy the Cloud ID and save for later.
-
-
Get Your Atlassian User Email Address
-
While logged in to Jira, go to this URL: [
https://id.atlassian.com/manage-profile/profile-and-visibility](https://id.atlassian.com/manage-profile/profile-and-visibility) -
Under the Contact section, see the user email address.
-
Copy the email address and save for later.
Optional: Create Dedicated SailPoint Entro Integration User
Create a SailPoint Entro user with its own email account, it can be used for all future Atlassian integrations as well if necessary.
-
Go to Atlassian Admin Portal - Admin user is required.
-
Click on "Directory" tab.
-
Click on "Invite user" and follow the prompts.
-
Use the created user email address in the Atlassian username on the SailPoint Entro onboarding form.
-
-
Create Jira Scoped API Token
-
Go to Atlassian API Token page and click on Create API token with scopes.
-
Give the token a name (for example:
Entro Security Jira Integration). -
Set expiration date for the token (maximum time is 365 days).
-
Click on Next.
-
Choose Jira and click on Next.
-
Select the scopes you wish to grant the token.
Note: The write scope is optional, and it enables the capability to create Jira tickets for risks straight from the SailPoint Entro application
Classic scopes with additional granular scopes (6 scopes)
Classic scopes:
Granular scopes:
Or just copy the below in the searchbox for easy selection:
read:jira-work,read:jira-user,write:jira-work,read:email-address:jira,read:epic:jira-software,validate:jql:jira-
Click on Next.
-
Review the details and scopes, once you confirm click on Create token.
-
Copy the token and save for later.
-
-
Connect Atlassian Jira to SailPoint Entro
In the SailPoint Entro Console, navigate to: Management → Accounts & Integrations → Add New Account (top right) → Atlassian → Scoped API Token - Jira
Complete the onboarding form as follows:
Field Description Environment Enter the relevant environment type (e.g., Production / Staging) Atlassian URL Paste the URL with the company domain from Step 1 Jira Cloud ID Paste the Jira cloud ID from Step 2 Atlassian Username Paste the user email address from Step 3 Atlassian API Token Paste the API token from Step 4 Worker Group (Connector) Select the SailPoint Entro Connector handling Atlassian scans Then click Create Account.
SailPoint Entro will validate your credentials and start the initial scanning.
Security & Compliance
-
All SailPoint Entro actions are read-only; no changes are made to your issues, comments or attachments.
- Except for one write action (optional) to create Jira issue from SailPoint Entro application.
-
Tokens are encrypted in memory and transmitted only via TLS 1.2+.
-
Access scopes are restricted to issues, comments and attachments metadata and its history.
-
SailPoint Entro is certified for SOC 2 Type II, ISO 27001, and GDPR compliance.