Microsoft Teams and Jira

Teams integration uses the local account to make comments and manipulate Jira, not your Teams username.

Yeah.. That is a very big disadvantage.. If the whole team would then use Teams to interact with Jira after some time it would be a total mess of comments done by "Jira Teams Integration" (and people that do not use Teams would get really confused .. ) .. Of course we can add manually a name in every comment, but is this the way how an integration should be done? It would be better to focus on good push notifications to teams where the conversation should continue..

Another is that (from what I see from the screenshots.. ) you cannot change the status, so if you have an issue in To Do you still have it in this status even you assigned it to yourself and need to manually log in to Jira to change it to In Progress..

Hello, I'm Alex, and I'm developing this integration. Regarding your questions:

> SAML Integration natively support vs hacked.

We are planning this in the next release. In the first release of Microsoft Teams for Jira Server we've tried to cover and match the functionality that is currently available in Jira Cloud mostly.

> Teams integration uses the local account to make comments and manipulate Jira, not your Teams username. 

That is by design. This integration acts on behalf of Jira user, and without user you won't be able to connect to Jira Server in general. All the information about user in the integration is read from Jira.

Your latest screenshot with "Jira Teams Integration" user is a little bit misleading, because after reading this article one may think all messages from Teams would be posted under single generic Jira user. That's not true, you just created test user that way. 

@Mirek 

You can change status from tab.

@Oleksandr Valetskyy Hello and really appreciate your feedback.    I've heard SAML is going to be investigated and are extremely excited for that.   On the clarifying point, the account I used to link to Jira has the display name "Jira Teams Integration."  I think our thoughts is that if SAML works correctly, the Teams client uses the logged in users token to communicate to Jira and all actions are reflected as that user.   I certainly understand the current restrictions there and I call it out in this article as a point of reflection since some companies may have restrictions against that type of 'anonymous' feedback in Jira.  Those companies may desire then to only take read access from Jira instead of read/write access.

Overall, cheering on your work and appreciate it tremendously.  Please feel free to reach out.  I know some integration builders such as the team from Re:solution SAML might have some insight they'd share with your team.

Makes sense. Although from the Teams perspective Connector might fit better for readonly scenarios.

Still not clear for me when you need both Jira Marketplace addon - Teams for Jira and Microsoft Teams application called "Jira Server". Can you use full functionality with only Microsoft Teams application "Jira Server" ?

Hi @Johan Holmer Lindell ,

To use functionality like Bot, Tab and Messaging Extension in Jira Server application in Microsoft Teams you need Teams for Jira add-on to be installed in your Jira instance. The add-on installation is required, as it will generate specific Jira ID for your Jira instance. This ID is requested by the application in Teams first time when you authorize in Jira through Teams Bot, Tab or Messaging Extension. In other words - Jira add-on is kind of a bridge between Teams application and Jira Server instance.

If you need capability only for push notifications in Jira Server application for Microsoft Teams - you can use Connector capability. Connector doesn't require add-on installation for Jira.

@Gregory Van Den Ham Actually, some help from Atlassian developers would be nice. Is there any way we can contact them directly? Currently we are creating questions here on forums (like this one - https://community.developer.atlassian.com/t/addon-objects-lifecycle-unexpected-behavior/30208), but nobody answers.

@Oleksandr Valetskyy I'm reaching out to some of the people I know. 

@Gregory Van Den Ham Meanwhile we've released the new addon version that supports SAML - 2019.8.7. Please note "nosso" flag should be turned on in configuration to ensure successful login into Jira.

Hi @Oleksandr Valetskyy We are the vendor or the SAML SSO plugin by re:solution for Jira/Confluence/Bitbucket.  @Gregory Van Den Ham contacted us about the Microsoft Teams integration with Jira a couple of weeks ago.

If would be cool if we can work together to better integrate Microsoft's integration with our SAML SSO app. Is there a way we could contact you or to share contacts?

If you visit the Atlassian Open in Vienna, we could also talk during the event.

@Oleksandr Valetskyy In the teams app, 2019.6.8 is the only app available currently.  Have you pushed this to public release? 

@Christopher Schommer thank you sir, I'll buy you a drink at Summit next year ;)

@Gregory Van Den Ham Newest add-on version is 2019.8.11,  released yesterday (2019-08-19).

Now login with sso would work, but with the same drawback UserSync has - local users don't have passwords after replication and thus they need to set it manually prior to logging in. Long story short, we are utilizing "local" login through ?nosso page currently.

@Christopher Schommer I've sent you connect request on LinkedIn with my work mail, thanks.

@Oleksandr Valetskyy  I see the update available in Jira Server, under manage apps.  Any change on the Teams side required?

@Gregory Van Den Ham No, SSO-related changes are purely Jira Server-side based. Think of Jira Server add-on as fancy proxy that establishes connection with integration back-end on Azure. It could not authorize user to Jira because of redirect happening because of SAML SSO add-on, now the issue has been resolved.

All in all, Teams app and Jira Server app (add-on) would update independently and that's perfectly normal.

I feel that this app is great and want to use it.
However, there are security concerns because they are provided by a third vendor.
What does this vendor expect from a free offer?
Even if there is a charge, it is better to promise security.
Is there a plan to complete the security self-assessment?

Maybe there is no security concern with the direct API connection between TEAMS and JIRA?

Please try to fix slack push notifications in the first place.

@marcins Hi, and welcome.  I think the Microsoft team would love to fix slack, but unfortunately it's not their product.  I'll suggest though you open a community question for slack so that the community could take a look at it or open up a request with the slack team directly on their website.

@SmokeyBlues Interesting thoughts and yes - as with any integration with SaaS and OnPremise products, a risk assessment should be conducted.

In the case of Microsoft, i believe their efforts are about developing an open platform and integrating with as many large market players (such as Atlassian) as possible.   This gives their main product the ability to compete in the market place with other group chat providers such as MatterMost and Slack. 

Since you control the account in Jira, you can set limits to what that account can do.    A quick reference is here. 

Every company sees risk slightly different and appetites for risk vary by industry.  You can review some of Microsoft's compliance information here.

Note, as with any SaaS product, there is still a shared level of responsibility with how your team configures security and maintains it.

Hi there, we just added the plug in from our JSD to our institutions M$ Teams platform. We didn't have any issues getting that done. But we noticed that every user who wants to add the app has to go through the process of setting up the app, adding the ID ecc which when you are over 1500 users might be a little time consuming. Can this be automated so everyone has it? 

I see I can create Issue from Teams and edit them which is cool, but can I create a channel from JIRA like I do with Slack?

I assuming the JSD's that are visible on Teams are based on that users JIRA permissions?

Hi Nick, I'll offer a partial answer.   I haven't seen the Operational Incident or War Room channel functionality as of yet in Teams.   This functionality came from the Jira/HipChat/Stride days and something the Atlassian team pushed over.

On the permissions side, the account you give access leverages the Jira security model.  It should only be able to see, comment and create issues according to its Jira permissions.

I need to experiment a bit more on automated deployment, but if you create the Tab view, the people in the channel will see it.  When they click, they'll get prompted to login.

@Gregory Van Den Ham , can you please let me know how to resolve this error when integrating with jira and teams.

In jira side i have installed the teams addon.

And on Teams side when i tried to configure a tab/tried to setup the jira server connectivity we are getting the below error.

Can you please help us on how to resolve this

Error: 

Microsoft Teams app for Jira Server is not responding please try later.

@Prasad Sekar Please verify add-on successfully connected to the integration back-end after installation by going to add-on settings. You should have "Microsoft Teams connection is currently ACTIVE" line at bottom.

If not, you can try hitting "Reconnect". If that does not help, please check your firewall, it should allow egress connections to Microsoft Azure (https://www.msteams-atlassian.com/jiraserver/index.html#configuring-firewall). Should you have any questions or need more detailed troubleshooting, please contact our Support Team.

Hi @Oleksandr Valetskyy , thanks for the information.

As you have mentioned to whitelist the list of IP mentioned in the link https://www.msteams-atlassian.com/jiraserver/index.html?_ga=2.31857977.644600098.1569917483-1333351129.1542266528#configuring-firewall

Can you please let me know what is the port number for this IP's to allow? are there any specific port/port-range  ?

@Prasad Sekar https/443.

Hello @Gregory Van Den Ham and everyone interested, we've recently released version 1.4 Jira Server for Microsoft Teams that uses pure OAuth 1.0a authentication flow. You are not required to enter Jira credentials in Microsoft Teams anymore - validation now happens purely on the Jira Server/SSO side.

Revamped process now consists of 8 stages:

1. Enter Jira id in Microsoft Teams. Click “Connect”.2. On the next screen click on the “Authorize” link. It has the following format: https:///jira/plugins/servlet/oauth/authorize?oauth_token=.3. It will either open Jira login page or redirect you to third-party identity provider like Azure Active Directory. Please put your credentials and log in.

4. You will be redirected to Jira authorization page asking to allow Microsoft Teams to access to your data in Jira. Note you do not pass and store password in our app.

5. Click “Allow”. You will be redirected to “Access Approved” Jira page.

6. Look for verification code and copy it. Note this page can be displayed in a locale selected in your Jira profile and verification code may have other punctuation signs other than apostrophes around it.

7. Paste the verification code to a respective field in Microsoft Teams.

8. Click “Continue”. If the code is correct, you will be redirected to “Authentication successful” page and popup should close. You are all set and can manage your Jira issues in Microsoft Teams.

Please note that for successful authentication in app now it's required for user to have direct network access to Jira Server. This may mean connecting VPN or doing this inside work subnet where Jira Server is hosted. This is valid only for authentication process and is not needed further for other workflows though.

p.s. There is another feature we've released previously that may be not widely known yet - Jira Server app configuration settings that gives ability for admin to decrease network payload size by disabling images embedding during information transfer to Microsoft Teams. If your Jira Server is accessible from internet and have https certificate configured you should definitely try it and notice the performance boost.