Jira Integration

Hello Sailors,

So I got a requirement to manage Jira user LCM in SailPoint ISC/IDN.

I did a POC using the OOTB connector (Atlassian Suite - Cloud connector); below are the problems I am facing. Not sure how this OOTB connector is built; maybe it is calling Atlassian Cloud APIs internally.

  1. Not able to get last login, it is the limitation from Jira API itself. So cannot question the connector.
  2. The big problem is with reading email address due to GDPR compliance. In Jira portal for every user attribute there is a visibility to control who can see. For example

So before questioning the connector, I thought of checking the response in API first.

When I change the visibility to Anyone then I can see email address in API response and in ISC as well. For the remaining 2 options I don’t get the email.

But for my teammate account who is registered as site admin, though the account email has only you and admins, I can see the email.

When we connected with Jira support, below is the response.

The API endpoint that you shared earlier seems to be correct. However, the user’s privacy controls are applicable to the API response.

I believe we don’t have a way to bypass this. These privacy controls were added due to GDPR compliance, and therefore the users should have control over who can view their personal details.

API I am using to read user data
for a single user: GET https://odido.atlassian.net/rest/api/3/user/?accountId=<618e5>
for all users: GET https://odido.atlassian.net/rest/api/3/users

Then we found a way to get all users with all the data using search API
POST https://api.atlassian.com/admin/v1/orgs/:orgId/users/search

When I search in google, I find a new API every time. Every API call is missing one or the other attribute, so no API is perfect to use.

I don’t wanna use these APIs when I have OOTB connector.

In connector documentation, I see the below info

Our accounts are already managed accounts and verified the domain as well.

I am posting this here to see if you have faced these issues or to know your experience in it.

Thanks
Krish

We have run into the emailAddress issue too. We haven’t found a consistent way to pull in that information.

Currently we are utilizing 2 separate connections into Atlassian. We use the OOTB connector for provisioning. Then we have a separate Web Services connection (utilizing https://api.atlassian.com APIs) to modify Extended Profile information (Department, Job_Title, Location, etc). We also get the Last_Active data from the Web Services connection.

We would prefer to only have one connection, and have thought about writing a custom SAAS connection to combine our two connections.

Our biggest complaint has been the lack of remote provisioning options for BitBucket. Atlassian is supposed to be fixing that this year.

Thanks @Carlatto for sharing your experience. That makes two of us now :slight_smile:

Which API are you using to read user data with email address?
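
An added example, not part of the thread and not code from either connector: a sketch of reconciling the two sources discussed above by accountId, so that accounts whose email is hidden by profile visibility are filled from the org-level feed or reported, rather than silently left uncorrelated. The sample records are constructed, and the org-side field names (`account_id`, `email`) are assumptions about that API's response shape.

```python
# Added illustration. All sample records below are constructed.

# Jira REST v3 style user objects: emailAddress is absent (or empty) when the
# user's profile visibility hides it from the calling account.
JIRA_USERS = [
    {"accountId": "a1", "displayName": "Ada", "active": True,
     "emailAddress": "Ada@example.com"},
    {"accountId": "a2", "displayName": "Bob", "active": True},
    {"accountId": "a3", "displayName": "Cy", "active": False, "emailAddress": ""},
    {"accountId": "a4", "displayName": "Dee", "active": True},
]

# Org-level records; the field names here are assumptions.
ORG_USERS = [
    {"account_id": "a2", "email": "bob@example.com"},
    {"account_id": "a3", "email": "cy@example.com"},
]


def normalize(value):
    """Lower-case and trim an email; treat missing or blank as no value."""
    return (value or "").strip().lower() or None


def merge_accounts(jira_users, org_users):
    """Join both feeds on accountId, never on displayName (not unique).

    Returns (merged_records, unresolved_account_ids). Each merged record
    notes which source supplied the email so gaps can be audited.
    """
    org_by_id = {u["account_id"]: u for u in org_users if u.get("account_id")}
    merged, unresolved = [], []
    for user in jira_users:
        account_id = user["accountId"]
        email, source = normalize(user.get("emailAddress")), "jira"
        if email is None:
            email = normalize(org_by_id.get(account_id, {}).get("email"))
            source = "org" if email else None
        merged.append({
            "accountId": account_id,
            "displayName": user.get("displayName"),
            "active": user.get("active", False),
            "email": email,
            "emailSource": source,
        })
        if email is None:
            unresolved.append(account_id)
    return merged, unresolved


if __name__ == "__main__":
    records, missing = merge_accounts(JIRA_USERS, ORG_USERS)
    for r in records:
        print(r)
    print("no email from either source:", missing)
```

Accounts left in the unresolved list are the ones to review before enabling email-based correlation in the identity platform.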