Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,556,655
Community Members
 
Community Events
184
Community Groups

Announcement: Microsoft Oauth for incoming emails on Jira Software Cloud

Oct 13, 2020

TL;DR

Jira admins on Jira Software Cloud can now set up their Jira incoming email servers using Microsoft Oauth for Microsoft Exchange email accounts.

 

What has shipped?

Back in 2019, Microsoft announced the retirement of Basic Authentication for the Enterprise Web Services (EWS) API for Office 365. (link). In Microsoft’s March 2020 update (link), the company announced that due to the COVID-19 pandemic, it would postpone the disabling of Basic Authentication in Exchange Online for active tenants till the second half of 2021.

However, starting in October 2020, tenants with no recorded usage will be disabled, and newly created tenants by default will require OAuth.

Until now, Jira Software Cloud only supported Basic Authentication. Jira admins set up Jira to automatically create issues or comments based on incoming emails from licensed users using Basic Authentication. Incoming emails are first pulled from the respective mail server using the credentials stored and then details (with attachments) for a specific issue are automatically added to the Jira ticket.

What this means for our users is that, from October 2020, Jira admins will be able to create new Microsoft mail servers for incoming emails using only OAuth. In order to facilitate this, we are happy to announce that incoming emails for Jira Software Cloud now supports OAuth for Microsoft mail servers.

 

How do I use it?

Add a Microsoft mail server with OAuth 2.0 integration

If you are using Microsoft Exchange Online to create issues and comments from your email and would like to set up a mail server for your incoming emails on Jira, then you need to configure OAuth 2.0 for your Microsoft email server.

To add an incoming Microsoft mail server:

  1. Choose cog System

  2. Select Mail > Incoming Mail.

  3. Click Add incoming mail server.

  4. Give your mail server a name and description.

  5. Choose Microsoft as an email service provider.

  6. Click Add.

  7. Enter your Microsoft sign-in credentials to use your Microsoft mail server.

For Microsoft mail servers, Jira will auto-fill authorization and the token endpoint data. You’ll need to review and confirm permissions to let Jira access your information.

Upgrade your mail server from basic authentication to OAuth 2.0

We recommend that you upgrade your existing mail servers that have basic authentication to OAuth 2.0. To upgrade your mail server:

  1. Click Add incoming mail server.

  2. Give your mail server a name and description.

  3. Choose Microsoft as an email service provider.

  4. Click Add.

  5. Configure an incoming mail handler with the Microsoft mail server you configured from step 1. Alternatively, you can use a Microsoft mail server that you’ve configured earlier.

  6. Delete the incoming mail server that uses basic authentication. 

 

Some additional points to note:

  • If Microsoft OAuth authentication is not successful for your mail server, you can still see the mail server in the list of your configured mail servers. But, this mail server will not be visible to you while you’re configuring the mail handler.
  • While configuring an incoming mail handler for your Microsoft mail server, you can use the same name as the mail server which uses basic authentication. If you’ve configured a mail handler with a mail server that uses basic authentication, you can edit the mail handler. You can then select the Microsoft mail server that uses OAuth 2.0 integration for your mail handler configuration to upgrade the configuration.


Questions or Feedback?

If you have any questions or would like to provide us with some feedback, please do comment on this article and we will respond to you as soon as possible.

Comment
Watch
Like # people like this
14114 views

14 comments

Walter Buggenhout _ACA IT_
Walter Buggenhout _ACA IT_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Oct 13, 2020

Am I correct that this announcement is also incorporated in Jira Cloud documentation? 

Like
Arjoon Som
Arjoon Som
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 13, 2020

Hi @Walter Buggenhout _ACA IT_ , yes the Jira Cloud documentation has also been updated to include sections on how to:

Add a Microsoft mail server with OAuth 2.0 integration

Upgrade your mail server from basic authentication to OAuth 2.0

 

Thank you!

Like
Desiree_Anson
Desiree_Anson Oct 13, 2020

How do I change the email address for the username?  It's automatically using my personal email address and I need to change it to a different email address.

Like
Arjoon Som
Arjoon Som
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Oct 13, 2020 • edited

Hi @Desiree_Anson 

 

I would first ensure that I have signed out of any Microsoft accounts that may have already been signed in on the same browser. When prompted for the username password by Microsoft, please enter the details of the email account for which you would like to set up the mail server for. 

 

I hope this helps.

Like
Desiree_Anson
Desiree_Anson Oct 13, 2020 • edited

@Arjoon Som 

Thank you!  That worked - I ended up using a private window in FireFox and set up a new mail handler (incoming mail server).  Thank you for the help!

Des

Like
Smaran.bg
Smaran.bg Oct 21, 2020

@Arjoon Som How do i enable this in Jira Service Desk Emailed Requests?

Like
Sean
Sean Oct 21, 2020 • edited

In Jira Service Desk you add the incoming mail server per project (we use different email addresses for different projects). If I connect a custom email address under Project Settings > Email Requests and choose Microsoft will it use modern auth? How would I upgrade my existing custom email address to modern auth since I can add only one custom email address per project?

Also... per the instructions above, if we use Microsoft to authenticate to Jira via Azure SSO, there does not seem to be a way to sign into Jira with one Microsoft account and authenticate a different Microsoft account for email. (As a workaround I suppose I could elevate an external test account that doesn't use SSO to admin in order to set this up.) 

Like Jean-Claude Blanche likes this
Pierce Radtke
Pierce Radtke Dec 03, 2020

When I am attempting to setup connections for our Service Email account the system says I do not have sufficient permissions and that I need to reach out to an administrator.

After we enter the appropriate admin credentials to approve access it switches from using the intended Microsoft service email account and changes to the administrator account? 

We do not want to grant the service account the permissions to authorize itself.  Help!

Like
Taranjeet Singh
Taranjeet Singh
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
Dec 06, 2020

This is great! Thanks for sharing!

Like
John Del Forno
John Del Forno Aug 23, 2021 • edited Aug 31, 2021

How does this work when Azure AD has SSO enabled to JIRA?

An Administrator can't really grant access to their own mailbox for Jira to send from/to.

Signing into JIRA using a shared mailbox account takes up 2 licenses - one on the Jira side, the other on M365 side.

And continuing to use POP/IMAP when it's a requirement to disable Legacy Authentication across a tenant makes it even more difficult.

Edit:

Open Private window.
Login to Atlassian Cloud using SSO
Log out of portal.office.com
Login to portal.office.com using your shared mailbox account (Does not need a license it seems)
Auth Atlassian using the SMB account.

Like # people like this
Brian Kohler
Brian Kohler Sep 02, 2021

@Arjoon Som 

I feel that there is a gap for multi-tenant azure environments.  Currently that there is no way to configure this to a specific tenant when in a multi tenant Microsoft environment.  Meaning the application registered in Azure needs to have "Accounts in any organization directory and personal microsoft accounts"

I haven't seen anything on the roadmap either that might address this, or any documentation really that talked about it, and found it through trial and error.

Am I missing something about the configuration that we would be able to make a Service Management email integration to an account in a multi-tenant azure environment with the account in a specific tenant, or is the 'Go Global' the only option?

Like
John Del Forno
John Del Forno Sep 02, 2021 • edited

@Brian Kohler 

Does scoping the Enterprise Application using a Dynamic Group that targets the Company Name field on a user account work?

Like
Like
VMhosts Support
VMhosts Support Oct 31, 2022

Could I ask which version of Jira we need for the "auto-fill authorization and the token endpoint data" We have our accounts set to Microsoft, but they appear to still be using basic auth

Like

Comment

Log in or Sign up to comment
Arjoon Som

Arjoon Som

Atlassian Team
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.

About this author

Senior Product Manager

23 total posts

View profile
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

See all events