Hi!
I've a problem with MCP on Copilot Studio. I am trying to connect to Jira with my API token, but after all that I get a 401 Unauthorized error, or I don't have permission to create an issue... I've tried creating an API token on an admin account and it is the same ;/ Any suggestions?
@Adam Tumidalski Likely cause: auth method + permissions mismatch. Atlassian’s remote MCP server uses OAuth, not Jira API tokens, and actions run with the user’s Jira permissions. So a 401/“no permission to create issue” usually means the client isn’t completing OAuth, the wrong site is connected, or the user lacks Create Issues + project access. Verify OAuth consent + project permissions, then retry.
The situation involving Adão is a classic case of an MCP → Jira integration failure resulting in a 401 Unauthorized error. Focusing on Copilot Studio MCP + Jira Cloud via API tokens, here is the technical breakdown and guidance translated into English.
1. Key Points Regarding 401 Errors with Jira Cloud API Tokens
When you encounter a 401 Unauthorized error or a message stating "You do not have permission to create issues" while using an API token, it is typically due to one of the following reasons:
Token Mismatch for Account Type
In Jira Cloud, there are two primary types of tokens, and confusing them is a frequent source of integration failure:
Standard API Token (Common Atlassian User): This is the most compatible version. It works with the standard URL format: https://YOURSITE.atlassian.net/....
Scoped API Token (Service Account): This requires a different URL structure, and many third-party integrations (including some MCP setups) do not support this type.
Official Reference (401 with Service Account): 401 Unauthorized error when service account accesses Jira or Confluence API | Atlassian Cloud | Atlassian Support
Note: For generic integrations like the Copilot MCP, a Standard User Token is usually expected, rather than a service account token with specific scopes.
Troubleshooting Jira Cloud MCP Integration (401 Unauthorized)
1. Incorrect URL / Site Configuration
The endpoint must be your specific Jira Cloud site URL.
Correct Example: https://ttechbr.atlassian.net
Common Pitfalls: Using a different domain, typos, or including an incorrect subpath. If the host doesn't match the site where the token was generated, the request will return a 401 error.
2. Malformed Authentication (Basic Auth)
For Jira Cloud, the authentication standard requires a specific combination:
Username: Your Atlassian account email.
Password: A generated API Token.
Header Format: These must be encoded in Base64 as email:API_token.
Authorization: Basic <base64(email:token)>
Note: If the MCP interface asks for an "API Token" but the associated email is incorrect or doesn't match the token owner, the authentication will fail.
3. Insufficient Project Permissions
Even if the authentication is successful, you may encounter errors like "I don't have permission to create issue." This happens because the user account associated with the token:
Lacks the "Create Issues" permission in the target project’s Permission Scheme.
Is not assigned to the correct Project Role or Group required for access.
4. IP Allowlist / Access Restrictions
If your organization enforces an IP Allowlist via admin.atlassian.com, the outbound IP address of the integration (e.g., Copilot or the MCP host) must be authorized.
If the IP is blocked, Jira will return a 401 Unauthorized even if the credentials are valid.
This behavior mirrors the standards for other integrators like Jira Align.
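An added example, not part of either reply above: a small Python check that separates the failure classes the thread lists (malformed site URL, rejected email:token pair, missing Create Issues permission) by calling Jira Cloud's `/rest/api/3/myself` and `/rest/api/3/mypermissions` endpoints with Basic auth. The function names and result labels are assumptions made for this sketch, and it only exercises the API-token path; it does not test the OAuth flow that the first reply says the remote MCP server uses.

```python
import base64
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlencode

# Bare site base URL only: https://<site>.atlassian.net with no subpath.
SITE_RE = re.compile(r"^https://[a-z0-9][a-z0-9-]*\.atlassian\.net/?$")

def basic_auth_header(email, api_token):
    """Authorization value in the form given above: Basic base64(email:token)."""
    raw = f"{email}:{api_token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def site_url_ok(url):
    return bool(SITE_RE.match(url.strip().lower()))

def classify(myself_status, perms_status=None, perms_body=None):
    """Map the two probe results to the failure classes discussed in the thread."""
    if myself_status == 401:
        return "auth-failed"  # wrong email/token pair, wrong site, or blocked
    if myself_status != 200:
        return "unexpected-status"
    if perms_status != 200 or not perms_body:
        return "permission-check-failed"
    perm = json.loads(perms_body).get("permissions", {}).get("CREATE_ISSUES", {})
    return "ok" if perm.get("havePermission") else "missing-create-issues"

def _get(url, auth):
    headers = {"Authorization": auth, "Accept": "application/json"}
    try:
        with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=15) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def probe(site, email, api_token, project_key):
    """Live check: authenticate, then ask whether CREATE_ISSUES is held in project_key."""
    if not site_url_ok(site):
        return "bad-site-url"
    auth, base = basic_auth_header(email, api_token), site.rstrip("/")
    status, _ = _get(base + "/rest/api/3/myself", auth)
    if status != 200:
        return classify(status)
    query = urlencode({"projectKey": project_key, "permissions": "CREATE_ISSUES"})
    p_status, p_body = _get(f"{base}/rest/api/3/mypermissions?{query}", auth)
    return classify(200, p_status, p_body)
```

Run `probe("https://YOURSITE.atlassian.net", email, token, "PROJ")` from the same network as the MCP host so that an IP allowlist, if one is enforced, affects the check the same way.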