ATTN: Changes required for Jira mail servers using Google email accounts

Greetings Jira Community,

A few weeks ago, Google came out with the following announcement that some of you may have received in your email inboxes.

This announcement only impacts those Jira Cloud customers who have set up an incoming mail server using a personal Google email account by providing Jira Cloud with a username and password. Customers who are using Google Workspace or Google Cloud accounts are not affected for the moment.

Google categorizes an app to be a ‘Less Secure App’ when the app connects to Google accounts using username and password verification for access and not more modern protocols such as OAuth. Currently, Jira Cloud (excluding JSM) falls in this category because our current protocol to set up a Google mail server requires the use of username and password verification.

Hence, any mail server set up in Jira via a username and account password with a personal Google email account will not work from 30th May 2022. We request that customers who wish to continue using their personal email accounts as mail servers in Jira switch to using App passwords instead of your Google Account passwords. An App password is a 16-digit passcode that gives a non-Google app or device permission to access your Google Account. App Passwords can only be used with accounts that have 2-Step Verification turned on. Learn more about how to sign in using App Passwords.

To summarise, these are the steps you need to take to switch to App Passwords:

STEP 1: Create an App Password for Jira

1. Go to your Google Account by clicking on your profile (in the top right corner) and clicking “Manage your Google account”.

2. Select Security.

3. Under "Signing in to Google", select App Passwords.

4. In 'Select App', choose Other
5. Enter 'Jira' as the name and press Generate
6. Copy the generated App password

Note: You must be a Jira or Site administrator to access Jira System Settings for the next step

STEP 2: Update your mail handler with your App Password

1. Go to Jira System Settings

2. Navigate to Incoming Email.
   This page will show you a list of all your mail servers that are currently set up for Jira Cloud

3. Click ‘Edit’ for the mail server for which you wish to switch from Account Password to App Passwords. It should be listed as ‘Authentication Type - Basic'.

4. Ensure that the username of the Google account you are editing is the same account for which you generated the app password.

5. Replace the password that is currently entered with the 16-digit app password that you generated.

6. Click Save

Note: If you have completed STEP 1 of the process above, you will need to complete STEP 2 as well. If STEP 2 is not completed after STEP 1, your Jira incoming mail servers will start failing with the following error while trying to fetch emails: Application specific password required

We are in the process of adding support for Google OAuth and we expect to roll out this capability for our Jira Cloud customers by September 2022 (earlier if we can pass Google’s security audit faster).

Once available, customers can choose to switch these mail servers that use Google emails to Google OAuth to stay up-to-date with the recommended security protocols prescribed by Google.

Thank you,

Arjoon Som
Sr. PM, Jira Cloud