Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Announcement: Microsoft Oauth for incoming emails on Jira Software Cloud

TL;DR

Jira admins on Jira Software Cloud can now set up their Jira incoming email servers using Microsoft Oauth for Microsoft Exchange email accounts.

 

What has shipped?

Back in 2019, Microsoft announced the retirement of Basic Authentication for the Enterprise Web Services (EWS) API for Office 365. (link). In Microsoft’s March 2020 update (link), the company announced that due to the COVID-19 pandemic, it would postpone the disabling of Basic Authentication in Exchange Online for active tenants till the second half of 2021.

However, starting in October 2020, tenants with no recorded usage will be disabled, and newly created tenants by default will require OAuth.

Until now, Jira Software Cloud only supported Basic Authentication. Jira admins set up Jira to automatically create issues or comments based on incoming emails from licensed users using Basic Authentication. Incoming emails are first pulled from the respective mail server using the credentials stored and then details (with attachments) for a specific issue are automatically added to the Jira ticket.

What this means for our users is that, from October 2020, Jira admins will be able to create new Microsoft mail servers for incoming emails using only OAuth. In order to facilitate this, we are happy to announce that incoming emails for Jira Software Cloud now supports OAuth for Microsoft mail servers.

 

How do I use it?

Add a Microsoft mail server with OAuth 2.0 integration

If you are using Microsoft Exchange Online to create issues and comments from your email and would like to set up a mail server for your incoming emails on Jira, then you need to configure OAuth 2.0 for your Microsoft email server.

To add an incoming Microsoft mail server:

  1. Choose cog System

  2. Select Mail > Incoming Mail.

  3. Click Add incoming mail server.

  4. Give your mail server a name and description.

  5. Choose Microsoft as an email service provider.

  6. Click Add.

  7. Enter your Microsoft sign-in credentials to use your Microsoft mail server.

For Microsoft mail servers, Jira will auto-fill authorization and the token endpoint data. You’ll need to review and confirm permissions to let Jira access your information.

Upgrade your mail server from basic authentication to OAuth 2.0

We recommend that you upgrade your existing mail servers that have basic authentication to OAuth 2.0. To upgrade your mail server:

  1. Click Add incoming mail server.

  2. Give your mail server a name and description.

  3. Choose Microsoft as an email service provider.

  4. Click Add.

  5. Configure an incoming mail handler with the Microsoft mail server you configured from step 1. Alternatively, you can use a Microsoft mail server that you’ve configured earlier.

  6. Delete the incoming mail server that uses basic authentication. 

 

Some additional points to note:

  • If Microsoft OAuth authentication is not successful for your mail server, you can still see the mail server in the list of your configured mail servers. But, this mail server will not be visible to you while you’re configuring the mail handler.
  • While configuring an incoming mail handler for your Microsoft mail server, you can use the same name as the mail server which uses basic authentication. If you’ve configured a mail handler with a mail server that uses basic authentication, you can edit the mail handler. You can then select the Microsoft mail server that uses OAuth 2.0 integration for your mail handler configuration to upgrade the configuration.


Questions or Feedback?

If you have any questions or would like to provide us with some feedback, please do comment on this article and we will respond to you as soon as possible.

12 comments

Am I correct that this announcement is also incorporated in Jira Cloud documentation? 

Arjoon Som Atlassian Team Oct 13, 2020

Hi @Walter Buggenhout _ACA IT_ , yes the Jira Cloud documentation has also been updated to include sections on how to:

Add a Microsoft mail server with OAuth 2.0 integration

Upgrade your mail server from basic authentication to OAuth 2.0

 

Thank you!

How do I change the email address for the username?  It's automatically using my personal email address and I need to change it to a different email address.

Hi @Desiree_Anson 

 

I would first ensure that I have signed out of any Microsoft accounts that may have already been signed in on the same browser. When prompted for the username password by Microsoft, please enter the details of the email account for which you would like to set up the mail server for. 

 

I hope this helps.

@Arjoon Som 

Thank you!  That worked - I ended up using a private window in FireFox and set up a new mail handler (incoming mail server).  Thank you for the help!

Des

@Arjoon Som How do i enable this in Jira Service Desk Emailed Requests?

In Jira Service Desk you add the incoming mail server per project (we use different email addresses for different projects). If I connect a custom email address under Project Settings > Email Requests and choose Microsoft will it use modern auth? How would I upgrade my existing custom email address to modern auth since I can add only one custom email address per project?

Also... per the instructions above, if we use Microsoft to authenticate to Jira via Azure SSO, there does not seem to be a way to sign into Jira with one Microsoft account and authenticate a different Microsoft account for email. (As a workaround I suppose I could elevate an external test account that doesn't use SSO to admin in order to set this up.) 

When I am attempting to setup connections for our Service Email account the system says I do not have sufficient permissions and that I need to reach out to an administrator.

After we enter the appropriate admin credentials to approve access it switches from using the intended Microsoft service email account and changes to the administrator account? 

We do not want to grant the service account the permissions to authorize itself.  Help!

Taranjeet Singh Community Leader Dec 06, 2020

This is great! Thanks for sharing!

How does this work when Azure AD has SSO enabled to JIRA?

An Administrator can't really grant access to their own mailbox for Jira to send from/to.

Signing into JIRA using a shared mailbox account takes up 2 licenses - one on the Jira side, the other on M365 side.

And continuing to use POP/IMAP when it's a requirement to disable Legacy Authentication across a tenant makes it even more difficult.

Edit:

Open Private window.
Login to Atlassian Cloud using SSO
Log out of portal.office.com
Login to portal.office.com using your shared mailbox account (Does not need a license it seems)
Auth Atlassian using the SMB account.

@Arjoon Som 

I feel that there is a gap for multi-tenant azure environments.  Currently that there is no way to configure this to a specific tenant when in a multi tenant Microsoft environment.  Meaning the application registered in Azure needs to have "Accounts in any organization directory and personal microsoft accounts"

I haven't seen anything on the roadmap either that might address this, or any documentation really that talked about it, and found it through trial and error.

Am I missing something about the configuration that we would be able to make a Service Management email integration to an account in a multi-tenant azure environment with the account in a specific tenant, or is the 'Go Global' the only option?

@Brian Kohler 

Does scoping the Enterprise Application using a Dynamic Group that targets the Company Name field on a user account work?

Comment

Log in or Sign up to comment
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you