Skip to content

Jira - Cloud

Management → Accounts & Integrations → Add New Account (top right) → Atlassian → Scoped API Token - Jira


Overview

Connect SailPoint Entro to Jira Cloud using an Atlassian scoped API token so you grant only the access you choose. We use those scopes to scan issues, comments, and attachments (and optionally create issues), while Jira project permissions continue to control what we can read/write. The connection uses your Cloud ID and can be paired with webhooks for near real-time detection.


Installation & Configuration

  1. Get Company's Jira Domain

    1. Login to your company's Atlassian Jira.

    2. Get the domain with the format: https://<yourCompany>.atlassian.net

    3. Copy the domain and save for later.

  2. Get Your Jira Cloud ID

    1. While logged in to Jira, go to this URL: https://<yourCompany>.atlassian.net/_edge/tenant_info

    2. The JSON presented includes the Cloud ID.

    3. Copy the Cloud ID and save for later.

  3. Get Your Atlassian User Email Address

    1. While logged in to Jira, go to this URL: [https://id.atlassian.com/manage-profile/profile-and-visibility](https://id.atlassian.com/manage-profile/profile-and-visibility)

    2. Under the Contact section, see the user email address.

    3. Copy the email address and save for later.

    Optional: Create Dedicated SailPoint Entro Integration User

    Create a SailPoint Entro user with its own email account, it can be used for all future Atlassian integrations as well if necessary.

    1. Go to Atlassian Admin Portal - Admin user is required.

    2. Click on "Directory" tab.

    3. Click on "Invite user" and follow the prompts.

    4. Use the created user email address in the Atlassian username on the SailPoint Entro onboarding form.

  4. Create Jira Scoped API Token

    1. Go to Atlassian API Token page and click on Create API token with scopes.

    2. Give the token a name (for example: Entro Security Jira Integration).

    3. Set expiration date for the token (maximum time is 365 days).

    4. Click on Next.

    5. Choose Jira and click on Next.

    6. Select the scopes you wish to grant the token.

    Note: The write scope is optional, and it enables the capability to create Jira tickets for risks straight from the SailPoint Entro application

    Classic scopes with additional granular scopes (6 scopes)

    Classic scopes:

    read:jira-work
    read:jira-user
    write:jira-work
    

    Granular scopes:

    read:email-address:jira
    read:epic:jira-software
    validate:jql:jira
    

    Or just copy the below in the searchbox for easy selection:

    read:jira-work,read:jira-user,write:jira-work,read:email-address:jira,read:epic:jira-software,validate:jql:jira
    
    1. Click on Next.

    2. Review the details and scopes, once you confirm click on Create token.

    3. Copy the token and save for later.

  5. Connect Atlassian Jira to SailPoint Entro

    In the SailPoint Entro Console, navigate to: Management → Accounts & Integrations → Add New Account (top right) → Atlassian → Scoped API Token - Jira

    Complete the onboarding form as follows:

    Field Description
    Environment Enter the relevant environment type (e.g., Production / Staging)
    Atlassian URL Paste the URL with the company domain from Step 1
    Jira Cloud ID Paste the Jira cloud ID from Step 2
    Atlassian Username Paste the user email address from Step 3
    Atlassian API Token Paste the API token from Step 4
    Worker Group (Connector) Select the SailPoint Entro Connector handling Atlassian scans

    Then click Create Account.

    SailPoint Entro will validate your credentials and start the initial scanning.


Security & Compliance

  • All SailPoint Entro actions are read-only; no changes are made to your issues, comments or attachments.

    • Except for one write action (optional) to create Jira issue from SailPoint Entro application.
  • Tokens are encrypted in memory and transmitted only via TLS 1.2+.

  • Access scopes are restricted to issues, comments and attachments metadata and its history.

  • SailPoint Entro is certified for SOC 2 Type II, ISO 27001, and GDPR compliance.