It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Microsoft Teams and Jira

TeamsLovesJira.jpg

It's True!   Microsoft Teams has been working steadily towards integrating with Jira Cloud and Jira Server.

Over the past year, in Jira Server, we've had access to deposit information into teams only via webhooks.  Jira Cloud has had more advanced integration.

In the last month, Microsoft has released long awaited feature parity with Jira Cloud and Server editions.  For those that are in Office365 and have Teams deployed for various reasons, this is the moment we've been waiting for.

The Integration:

There are two components to be aware of:

  • The Jira Marketplace addon - Teams for Jira
  • The Teams Jira app (in Teams via Manage Teams, Apps, More Apps)

The Teams Jira App has been upgraded recently, so if you've had it installed, be sure to update it.  To update it, Please go to 'Manage team' -> 'Apps' tab to update the app. You'll have to restart the Teams client to get the update.

Linkage:

There are a couple of ways to link Jira and Teams

  • Webhook push to a teams Channel only
  • Teams Bot
  • Teams Jira App Tab
  • Teams Chat Integration

All options are controlled by the Teams Jira App, via Manage Team, Apps Tab, and Selecting the Jira App.

Linkage Permissions:

Teams needs access to Jira and to do this, it needs an account with permissions to read the Jira Project(s) you want it to communicate with.  To do this:

  • Non Saml:
    • Simply create an account on your Jira Instance, give it the rights and note its login information for teams
  • SAML Integrated:
    • While not supported by Microsoft, its hackable.
      • Create an account on your Jira Instance, give it the rights and note its login information for teams
      • Turn off/Disable temporarily your SAML Redirection, using local auth only.
      • Use the login with the Jira Teams app to get the OAuth Authentication setup
      • Re-enable SAML Redirection

The Cool Stuff:

Well, its pretty neat.   Here's a couple of screenshots of what the integration can do.

Calling up an issue with the '@Jira Server xx-Issue Command'.  Note you can comment, assign, watch or edit issues.

JiraTeamsBot.jpg

 

Requesting help with the '@Jira Server help' Command.  Look at all those options!JiraTeamsHelp.jpg

 

The Jira Server Tab.   So many options to manipulate here.JiraTeamsTab.jpg

Need to create a story, no problem.JiraTeamsTab1.jpg

 

Feature Request:

Really, there are two main issues that Microsoft needs to resolve.

  • SAML Integration natively support vs hacked.
  • Teams integration uses the local account to make comments and manipulate Jira, not your Teams username.  This causes some concern when asking who did it (created a story, made a comment, etc.)
  • JiraTeamsGripe.jpg

Certainly a lot of promise here and huge potential that we hadn't seen much of in the past.  I'm excited about the future of Microsoft and Atlassian as they continue to work together.

Related Microsoft reference blog:  here.

25 comments

Mirek Community Leader Aug 13, 2019

Teams integration uses the local account to make comments and manipulate Jira, not your Teams username.

Yeah.. That is a very big disadvantage.. If the whole team would then use Teams to interact with Jira after some time it would be a total mess of comments done by "Jira Teams Integration" (and people that do not use Teams would get really confused .. ) .. Of course we can add manually a name in every comment, but is this the way how an integration should be done? It would be better to focus on good push notifications to teams where the conversation should continue..

Another is that (from what I see from the screenshots.. ) you cannot change the status, so if you have an issue in To Do you still have it in this status even you assigned it to yourself and need to manually log in to Jira to change it to In Progress..

Hello, I'm Alex, and I'm developing this integration. Regarding your questions:

> SAML Integration natively support vs hacked.

We are planning this in the next release. In the first release of Microsoft Teams for Jira Server we've tried to cover and match the functionality that is currently available in Jira Cloud mostly.

Teams integration uses the local account to make comments and manipulate Jira, not your Teams username. 

That is by design. This integration acts on behalf of Jira user, and without user you won't be able to connect to Jira Server in general. All the information about user in the integration is read from Jira.

Your latest screenshot with "Jira Teams Integration" user is a little bit misleading, because after reading this article one may think all messages from Teams would be posted under single generic Jira user. That's not true, you just created test user that way. 

@Mirek 

You can change status from tab.

@Oleksandr Valetskyy Hello and really appreciate your feedback.    I've heard SAML is going to be investigated and are extremely excited for that.   On the clarifying point, the account I used to link to Jira has the display name "Jira Teams Integration."  I think our thoughts is that if SAML works correctly, the Teams client uses the logged in users token to communicate to Jira and all actions are reflected as that user.   I certainly understand the current restrictions there and I call it out in this article as a point of reflection since some companies may have restrictions against that type of 'anonymous' feedback in Jira.  Those companies may desire then to only take read access from Jira instead of read/write access.

Overall, cheering on your work and appreciate it tremendously.  Please feel free to reach out.  I know some integration builders such as the team from Re:solution SAML might have some insight they'd share with your team.

Makes sense. Although from the Teams perspective Connector might fit better for readonly scenarios.

Still not clear for me when you need both Jira Marketplace addon - Teams for Jira and Microsoft Teams application called "Jira Server". Can you use full functionality with only Microsoft Teams application "Jira Server" ?

Hi @Johan Holmer Lindell ,

To use functionality like Bot, Tab and Messaging Extension in Jira Server application in Microsoft Teams you need Teams for Jira add-on to be installed in your Jira instance. The add-on installation is required, as it will generate specific Jira ID for your Jira instance. This ID is requested by the application in Teams first time when you authorize in Jira through Teams Bot, Tab or Messaging Extension. In other words - Jira add-on is kind of a bridge between Teams application and Jira Server instance.

If you need capability only for push notifications in Jira Server application for Microsoft Teams - you can use Connector capability. Connector doesn't require add-on installation for Jira.

@Gregory Van Den Ham Actually, some help from Atlassian developers would be nice. Is there any way we can contact them directly? Currently we are creating questions here on forums (like this one - https://community.developer.atlassian.com/t/addon-objects-lifecycle-unexpected-behavior/30208), but nobody answers.

@Oleksandr Valetskyy I'm reaching out to some of the people I know. 

@Gregory Van Den Ham Meanwhile we've released the new addon version that supports SAML - 2019.8.7. Please note "nosso" flag should be turned on in configuration to ensure successful login into Jira.

Hi @Oleksandr Valetskyy We are the vendor or the SAML SSO plugin by re:solution for Jira/Confluence/Bitbucket.  @Gregory Van Den Ham contacted us about the Microsoft Teams integration with Jira a couple of weeks ago.

If would be cool if we can work together to better integrate Microsoft's integration with our SAML SSO app. Is there a way we could contact you or to share contacts?

 

If you visit the Atlassian Open in Vienna, we could also talk during the event.

@Oleksandr Valetskyy In the teams app, 2019.6.8 is the only app available currently.  Have you pushed this to public release? 

@chrschommer thank you sir, I'll buy you a drink at Summit next year ;)

@Gregory Van Den Ham Newest add-on version is 2019.8.11,  released yesterday (2019-08-19).

Now login with sso would work, but with the same drawback UserSync has - local users don't have passwords after replication and thus they need to set it manually prior to logging in. Long story short, we are utilizing "local" login through ?nosso page currently.

@chrschommer I've sent you connect request on LinkedIn with my work mail, thanks.

@Oleksandr Valetskyy  I see the update available in Jira Server, under manage apps.  Any change on the Teams side required?

@Gregory Van Den Ham No, SSO-related changes are purely Jira Server-side based. Think of Jira Server add-on as fancy proxy that establishes connection with integration back-end on Azure. It could not authorize user to Jira because of redirect happening because of SAML SSO add-on, now the issue has been resolved.

All in all, Teams app and Jira Server app (add-on) would update independently and that's perfectly normal.

I feel that this app is great and want to use it.
However, there are security concerns because they are provided by a third vendor.
What does this vendor expect from a free offer?
Even if there is a charge, it is better to promise security.
Is there a plan to complete the security self-assessment?

Maybe there is no security concern with the direct API connection between TEAMS and JIRA?

marcins I'm New Here Aug 27, 2019

Please try to fix slack push notifications in the first place.

@marcins Hi, and welcome.  I think the Microsoft team would love to fix slack, but unfortunately it's not their product.  I'll suggest though you open a community question for slack so that the community could take a look at it or open up a request with the slack team directly on their website.

@SmokeyBlues Interesting thoughts and yes - as with any integration with SaaS and OnPremise products, a risk assessment should be conducted.

In the case of Microsoft, i believe their efforts are about developing an open platform and integrating with as many large market players (such as Atlassian) as possible.   This gives their main product the ability to compete in the market place with other group chat providers such as MatterMost and Slack. 

Since you control the account in Jira, you can set limits to what that account can do.    A quick reference is here. 

Every company sees risk slightly different and appetites for risk vary by industry.  You can review some of Microsoft's compliance information here.

Note, as with any SaaS product, there is still a shared level of responsibility with how your team configures security and maintains it.

Hi there, we just added the plug in from our JSD to our institutions M$ Teams platform. We didn't have any issues getting that done. But we noticed that every user who wants to add the app has to go through the process of setting up the app, adding the ID ecc which when you are over 1500 users might be a little time consuming. Can this be automated so everyone has it? 

I see I can create Issue from Teams and edit them which is cool, but can I create a channel from JIRA like I do with Slack?

I assuming the JSD's that are visible on Teams are based on that users JIRA permissions?

Hi Nick, I'll offer a partial answer.   I haven't seen the Operational Incident or War Room channel functionality as of yet in Teams.   This functionality came from the Jira/HipChat/Stride days and something the Atlassian team pushed over.

On the permissions side, the account you give access leverages the Jira security model.  It should only be able to see, comment and create issues according to its Jira permissions.

I need to experiment a bit more on automated deployment, but if you create the Tab view, the people in the channel will see it.  When they click, they'll get prompted to login.

@Gregory Van Den Ham , can you please let me know how to resolve this error when integrating with jira and teams.

In jira side i have installed the teams addon.

And on Teams side when i tried to configure a tab/tried to setup the jira server connectivity we are getting the below error.

Can you please help us on how to resolve this

 

Error: 

Microsoft Teams app for Jira Server is not responding please try later.

@Prasad Sekar Please verify add-on successfully connected to the integration back-end after installation by going to add-on settings. You should have "Microsoft Teams connection is currently ACTIVE" line at bottom.

If not, you can try hitting "Reconnect". If that does not help, please check your firewall, it should allow egress connections to Microsoft Azure (https://www.msteams-atlassian.com/jiraserver/index.html#configuring-firewall). Should you have any questions or need more detailed troubleshooting, please contact our Support Team.

Hi @Oleksandr Valetskyy , thanks for the information.

As you have mentioned to whitelist the list of IP mentioned in the link https://www.msteams-atlassian.com/jiraserver/index.html?_ga=2.31857977.644600098.1569917483-1333351129.1542266528#configuring-firewall

Can you please let me know what is the port number for this IP's to allow? are there any specific port/port-range  ?

Hello @Gregory Van Den Ham and everyone interested, we've recently released version 1.4 Jira Server for Microsoft Teams that uses pure OAuth 1.0a authentication flow. You are not required to enter Jira credentials in Microsoft Teams anymore - validation now happens purely on the Jira Server/SSO side.

Revamped process now consists of 8 stages:

1. Enter Jira id in Microsoft Teams. Click “Connect”.1-jiraid.png2. On the next screen click on the “Authorize” link. It has the following format: https:///jira/plugins/servlet/oauth/authorize?oauth_token=.2-teams-auth.png3. It will either open Jira login page or redirect you to third-party identity provider like Azure Active Directory. Please put your credentials and log in.

3-msauth.png4. You will be redirected to Jira authorization page asking to allow Microsoft Teams to access to your data in Jira. Note you do not pass and store password in our app.

4-jira-allow.png5. Click “Allow”. You will be redirected to “Access Approved” Jira page.

5-jira-code.png

6. Look for verification code and copy it. Note this page can be displayed in a locale selected in your Jira profile and verification code may have other punctuation signs other than apostrophes around it.

7. Paste the verification code to a respective field in Microsoft Teams.

7-teams-code.png

8. Click “Continue”. If the code is correct, you will be redirected to “Authentication successful” page and popup should close. You are all set and can manage your Jira issues in Microsoft Teams.

Please note that for successful authentication in app now it's required for user to have direct network access to Jira Server. This may mean connecting VPN or doing this inside work subnet where Jira Server is hosted. This is valid only for authentication process and is not needed further for other workflows though.

p.s. There is another feature we've released previously that may be not widely known yet - Jira Server app configuration settings that gives ability for admin to decrease network payload size by disabling images embedding during information transfer to Microsoft Teams. If your Jira Server is accessible from internet and have https certificate configured you should definitely try it and notice the performance boost.

Comment

Log in or Sign up to comment
Community showcase
Posted in Jira Software

Metrics Fun: 2019 in Review

Hello, Atlassian Community!  I thought it would be fun to do something different for my teams' last retrospective of 2019 so I'm planning to do a "year in review" with info-graphics.  Wha...

219 views 4 3
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you