Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Where should AI tool access approvals and audit evidence live: JSM, IAM, or Security/GRC?

Andrew
Andrew
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 5, 2026

Hi all,

I’m trying to understand how Atlassian/JSM teams are handling employee access to AI tools like ChatGPT, Claude, Copilot, Rovo, Perplexity, etc.

For organizations using Jira Service Management internally, where does this workflow usually belong?

- JSM request type + approvals
- JSM Assets/service catalog
- IAM/IGA / Okta / Entra
- Security/GRC
- Procurement/legal
- Some mix of the above

The specific lifecycle I’m curious about is:

1. employee requests access to an AI tool
2. someone approves or denies it
3. access has an expiry/recertification date
4. evidence is kept for audit/security review
5. access is actually removed or renewed later

For teams that have dealt with this: is native JSM usually enough, or does the workflow break down once expiry, recertification, evidence, and identity-provider access get involved?

I’m an Atlassian Marketplace developer, but I’m not looking to pitch anything here. I’m trying to understand the real operating pattern from Jira/JSM, IAM, and security teams.

Answer
Watch
Like Be the first to like this
40 views

1 answer

0 votes
Jean Horn
Jean Horn
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 5, 2026

Hello @Andrew ,

For this case, I see that the flow you presented is already within the scope of native JSM, as you mentioned.

Regarding access, I see that it can be implemented through automation flows with a trigger when the request is approved. Since some identity providers like Azure have integration with Jira Automation.

This would be my view based on your comment. I hope it helps you.

Best Regards,

Jean Horn

Reply

Suggest an answer

Log in or Sign up to answer
Rovo Atlassian Intelligence
Rovo
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2026 Atlassian
    Privacy Policy Notice at Collection Terms Security