Integrating with Jira Software Cloud

Watch

Save as PDF

Share this page

Feedback

IT Asset Management

HomeXanadu IT Asset ManagementIT Asset ManagementSoftware Asset ManagementSaaS License ManagementIntegrate with SaaS applicationsIntegrating with Jira Software Cloud

Table of Contents

Integrating with Jira Software Cloud

Release version:
Xanadu
Yokohama
Washington DC
Vancouver
UpdatedMar 5, 2025
9 minutes to read

Xanadu
IT Asset Management

Integrating your Software Asset Management application with Atlassian Jira Software Cloud enables you to track your software subscriptions and to reclaim unused licenses.

Note: Currently this integration supports only one site integration per profile.

If your installed Jira spoke version is 4.1.0 or higher, you can integrate Jira with your ServiceNow instance by using one of the following methods:
- Using basic authentication
- Using OAuth authentication
If your installed Jira spoke version is lower than 4.1.0, integrate Jira with your ServiceNow instance by Using basic authentication method.

Important: Minimize security risks and protect information by granting access only to the necessary user or API permissions.

Table 1. Minimal user permissions
Process	Required user role in the Jira Software Cloud application	Authentication scopes
Download subscriptions	Permission to access Jira	read:application-role:jira read:group:jira read:user:jira read:avatar:jira
Pull user activity	Administer Jira global permission Browse projects permission for the project containing the issue. If issue-level security is configured, issue-level security permission to view the issue.	read:user:jira read:issue-details:jira read:audit-log:jira read:avatar:jira read:field-configuration:jira read:issue-meta:jira
Reclaim subscription	Site administration, that is, member of the site-admin group	read:group:jira write:group:jira

Using basic authentication

Integrate the Software Asset Management application and Jira using an API key to authenticate ServiceNow requests.

You can integrate a ServiceNow instance with multiple Jira instances. For this integration, create a connection and credential alias record and a connection record for each Jira instance.

Create an Jira account API token

Create an API token in Jira to authenticate requests.

Before you begin

Jira Role required: Refer the Minimal user permissions table.

Procedure

Navigate to Atlassian API Tokens.
Select Create API token.
Enter a name for your API token, then select Create.
Copy the API token and save it.
You’ll use the token later.

Configure the connection and credential record

Configure the default connection and credential alias record to authenticate the requests from ServiceNow.

Before you begin

Role required: admin

Procedure

Navigate to All > Connections & Credentials > Connection & Credential Aliases.
Open the alias record for Jira that is shipped with the spoke.
Select the Create New Connection & Credential related link.

On the form, fill in the fields.

Table 2. Create Connection and Credential
Field	Description
Connection URL	URL of your Jira instance in https://<provider-domain-name>.atlassian.net format.
User Name	Enter the email address of the user.
API Key	Enter the API token that you generated for Jira.

Select Create.

Using OAuth authentication

Integrate the Software Asset Management application with your Jira account using OAuth to authenticate ServiceNow requests.

Create an OAuth 2.0 integration in Jira account

Create an OAuth 2.0 integration in the Atlassian Developer console to authenticate the requests.

Before you begin

Jira Role required: Refer the Minimal user permissions table.

Procedure

Log in to Atlassian Developer console.
Under My apps, select Create and select OAuth 2.0 integration.
On the form, provide a name for the integration and select Create.

The integration is created and the value of App ID is displayed.
Select Authorization.
1. Select Add under Action.
2. In Callback URL, provide the URL of your ServiceNow instance in this format: https://<ServiceNow-Instance-Name>.service-now.com/oauth_redirect.do.
  For example, https://example.service-now.com/oauth_redirect.do.
3. Select Save changes.
Select Settings.
Under Authentication details, copy the values of Client ID and Client Secret.
Select Permissions > Jira API > Configure.
Select the Granular scopes tab.
Select Edit Scopes to add the following scopes:
- read:application-role:jira
- read:group:jira
- read:user:jira
- read:avatar:jira
- read:audit-log:jira
- read:issue-details:jira
- read:field-configuration:jira
- read:issue-meta:jira
- write:group:jira
You can configure other scopes according to your requirement.

Obtain the Cloud ID value of Jira instance

Obtain the value of the Cloud ID of the Jira cloud instance. This value is required during the configuration of the connection record in your ServiceNow instance.

Before you begin

Jira Role required: admin

Procedure

Log in to Atlassian Administration.
Select the Select button against the required organization.
Select the Products tab.
On the Products page, select Manage product on the Jira product row.

The URL is in the following format in a new window: https://admin.atlassian.com/o/<orgID>/products/jira-software/<Cloud-Id>.
Copy the value of the Cloud ID for later use.

Create an application registry in ServiceNow instance

Use the generated information while creating the OAuth 2.0 integration to create an application registry record in your ServiceNow instance.

Before you begin

Role required: admin

Procedure

Navigate to All > System OAuth > Application Registry.
Select New.
The system displays a message as What kind of OAuth application?.
Select Connect to a third party OAuth Provider.

On the form, fill these values.

Search:

Table 3. Application Registries
Field	Description
Name	Name to identify the application registry record.
Client ID	Client ID generated when the OAuth 2.0 integration was created in the Atlassian Developer console.
Client Secret	Client secret generated when the OAuth 2.0 integration was created in the Atlassian Developer console.
Default Grant type	Grant type used to establish the token. Select Authorization Code.
Authorization URL	OAuth authorization code endpoint. Enter https://auth.atlassian.com/authorize.
Token URL	OAuth server token endpoint. Enter https://auth.atlassian.com/oauth/token.
Redirect URL	OAuth callback endpoint. System generates the URL while saving the application registry.
Refresh Token URL	URL to refresh a token. Enter https://auth.atlassian.com/oauth/token. Note: This field is hidden in the form layout. Configure the form layout to show this field.

Select and hold (or right-click) the form header and select Save.
A default OAuth entity profile record is created in the OAuth Entity Profiles tab.

In the OAuth Entity Scopes, create the following entity scope records.

Search:


Name	OAuth scope
read:application-role:jira	read:application-role:jira
read:group:jira	read:group:jira
read:user:jira	read:user:jira
read:avatar:jira	read:avatar:jira
read:audit-log:jira	read:audit-log:jira
read:issue-details:jira	read:issue-details:jira
read:field-configuration:jira	read:field-configuration:jira
read:issue-meta:jira	read:issue-meta:jira
write:group:jira	write:group:jira
offline_access	offline_access

Result

An application registry record is created in your ServiceNow instance.

Create a credential record for Jira

Create a credential record for the Jira account. The Jira spoke connection and credential alias uses this credential to authorize actions.

Before you begin

Role required: admin

Procedure

Navigate to All > Connections & Credentials > Credentials.
Select New.
The system displays a message as What type of Credentials would you like to create?.
Select OAuth 2.0 Credentials.

On the form, fill these values.

Table 4. OAuth 2.0 Credentials
Field	Description
Name	Name to identify the credential record for the Jira spoke. For example, `Jira OAuth credential`.
OAuth Entity Profile	Default OAuth entity profile record created when the application registry record is configured.

Select Submit.

Create a connection record for Jira

Create a connection record for the Jira account. The connection and credential alias uses this connection to perform actions in Jira.

Before you begin

Role required: admin

Procedure

Navigate to All > Connections & Credentials > Connection & Credential Aliases.
Open the alias record for Jira that is shipped with the spoke.
On the Connections tab, select New.

On the HTTP(s) Connection form, fill in these fields.

Search:

Table 5. HTTP(s) Connection
Field	Description
Name	Enter any unique name to identify the connection record. For example, enter Jira OAuth Connection.
Credential	Select the Credential record created for Jira. For example, select Jira OAuth Credentials.
Connection alias	Search for and select sn_jira_spoke.Jira alias.
Connection URL	Enter the URL of your Jira instance in the https://api.atlassian.com/ex/jira/<Cloud-ID> format. For information about getting the value of Cloud ID, see Obtain the Cloud ID value of Jira instance.

In the Attributes related list, provide these values.
1. Enter the value of 2 for api_version.
2. Enter the value cloud for server_type.
Select Submit.
Navigate to All > Connections & Credentials > Credentials.
Open the credential record that you had created for the Jira spoke.
For example, Jira OAuth credential.
Select the Get OAuth Token related link.
In a new window, the system asks access to your Atlassian account.
Note: For the role required to perform this step, refer to the Minimal user permissions table.
Select Accept.
Access is granted to the Atlassian account and a confirmation message is displayed in your ServiceNow instance that the refresh token is available.

Create a Jira Software Cloud integration profile

Create an integration profile to track software subscriptions and optimize licensing for Atlassian Jira Software Cloud.

Before you begin

To create a Jira integration profile, request the Software Asset Management - SaaS License Management plugin (sn_sam_saas_int) from the ServiceNow Store.

To enable the integration profile to retrieve and update user activity through the Jira Update User Activity subflow, set the com.glide.transform.json.max-partial-length system property Value to 32768.

Atlassian Role required: site admin

ServiceNow Role required:

Starting with version 5.0.1 of Software Asset Management - SaaS License Management and version 3.0.4 of the Jira spoke, either of the following ServiceNow roles is required:
- sam_integrator and sn_jira_spoke.jira_admin
- admin
Prior to version 5.0.1 of Software Asset Management - SaaS License Management and version 3.0.4 of the Jira spoke, the sam_integrator or admin ServiceNow role is required.

About this task

If you’re using Software Asset Workspace, the option to create the Jira integration profile in Core UI is inactive.

Procedure

Navigate to the integration profile.

Interface	Action
Core UI	Navigate to All > Software Asset > SaaS License > Direct Integration Profiles. Select New. Select Jira Integration Profile.
Software Asset Workspace	Navigate to License operations > User Subscriptions > Direct integration profiles. Select New. Select Jira from the drop-down list. Select Continue.

On the form, fill in the fields.

Search:

Table 6. Integration Profile form
Field	Value
Display name	Name of your choice. For example, Jira integration.
Connection & Credential	sn_jira_spoke.Jira. This field is automatically populated.
Status	Status of the integration profile. The options are Draft and Published. This field is automatically populated.
Profile type	Jira Subscription. This field is automatically populated.

In the Calculate Activity Subflow form section, choose a value for the Analyze user activity from field.

You can also select the date and time that you want to analyze user activity from in the Analyze user activity from field. By default, you can analyze user activity up to 60 days prior to the current date and view events performed by individual users from the time you create this profile.
Note: Software Asset Management pulls the events from the time that you start analyzing user activity irrespective of the profile creation date.
You can modify this value in the Last activity threshold field of your software reclamation rules. For more information, see Review a software reclamation rule.

Note: After you save the integration profile, the Analyze user activity from field becomes read only.
Select Save.
A draft integration profile is created. The integration profile uses the Jira Download Subscriptions, Jira Update User Activity, and Jira Reclaim Subscription subflows to get user data from the Jira Software application.
Specify the groups that have access to Jira products.

Important: This step is applicable only starting with version 5.0.1 of Software Asset Management - SaaS License Management Integrations and version 3.0.4 of the Jira spoke.
By specifying these groups on your ServiceNow instance, you can retrieve data and manage licenses for only the users within these groups.
1. In a new tab, open the Atlassian Administration portal.
2. Log in to your site admin account.
3. Select the Select button against the required organization.
4. Select the Products tab.
5. On the Products page, select Manage product on the Jira product row.
6. View the list of groups that have access to Jira Software.
  Take note of this information for later use.
7. Return to your ServiceNow instance and navigate to Jira > Jira Groups.
8. On the Jira Groups form, select the Add Groups related link.
  The Add Jira Groups dialog box opens.
9. In the Available list, select the groups that have access to Jira products.
  
  Tip: The Available list includes all groups that are associated with your Atlassian account. Select only the groups that have access to Jira products.
10. Select the right arrow button to move the groups from the Available list to the Selected list.
11. Select OK.
Return to your integration profile and then select the integration profile.
Select Publish.
In the Publish Confirmation dialog box, select OK.

What to do next

After the integration connects, your ServiceNow instance automatically creates software models, reclamation rules, and software subscriptions that are refreshed daily.

If you want to set up multiple integration profiles with unique connections, create child aliases to manage different configurations and settings for each integration profile. For more information, see Create a child alias to set up multiple integration profiles.

Review all automatically generated reclamation rules to reclaim user subscriptions. For more information, see Review a software reclamation rule.

Create software entitlements for the automatically generated software models to track used software against owned software.

For more information on creating software entitlements in the Software Asset Management Core UI, see Create entitlements in Software Asset Management classic.
For more information on creating software entitlements in the Software Asset Workspace, see Create entitlements in workspace.
For more information on creating software entitlements using the Software Asset Management Playbook, see Create entitlements using the guided walk-through.

Reconciliation also runs on your subscriptions as a scheduled job or on-demand. You can view your reconciliation results in the License Workbench (Software Asset Management classic application) or the License usage view (Software Asset Workspace). Use these results to determine your license compliance position and to remediate any non-compliance.

For more information on running reconciliation in the Software Asset Management classic application, see Run software reconciliation.
For more information on running reconciliation in the Software Asset Workspace, see Run software reconciliation in the workspace.

Xanadu IT Asset Management

Filters

Versions

Products