It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Generate JIRA Service Desk ticket from Exchange/Office365 "Shared Mailbox"

Hi there. New to JIRA and starting the process of setup and putting it through its paces. I'll describe a few variables first to help fill in the context:

  • We're a college library environment.
  • We've dabbled with JIRA, Freshdesk, Zendesk, and Happy Fox. We're leaning towards JIRA (service desk, confluence, and software) for our needs. 
  • I want a "ticketing system" that will mostly be used behind the scenes for all our IT/Software development folk. JIRA more than meets these needs. So no worries there.
  • A HUGE requirement I need is the ability for any user to be able to submit a "ticket" to us via email. I don't want them to necessarily have to log in and establish some form of account in order to submit anything. Example: I have a student that has an issue. The email our support email address and that generates a ticket in JIRA. I'm running into trouble with this one.
  • I'm skimming: https://confluence.atlassian.com/servicedeskcloud/receiving-requests-by-email-747602718.html and also https://confluence.atlassian.com/servicedeskcloud/quickstart-guide-for-service-desk-email-support-732528953.html for slow guidance. I'm also aware of the Request Security settings, but not sure how much this part plays a role.

 

So here is my biggest challenge I'm running into. When I'm under | Administration | System | Incoming Email | attempting to test JIRA Service Desk to connect to my Exchange/Office365 data: our email account is a  Shared Mailbox in Exchange. This can be tricky for those that don't work in Exchange. This isn't a single user account mailbox and multiple people all access it with the same username/password. It is basically an account that can be accessed by multiple people and does not have a password associated with it. It's accessed based on permissions.

To better understand (in case you need reference): https://technet.microsoft.com/en-us/library/jj150498(v=exchg.150).aspx

 

Sooooooooooooo, I'm wondering if my failing with JIRA to access this Shared Mailbox is because the variables I can manipulate in Incoming Mail are for standard (normal) type mailboxes. Meaning single user, single username/password type setups. I can't even chose to not have a password in these settings.

 

Sorry about the TL;DR post. Just trying to be thorough. I'm open to any guidance/reading/links to resolve my challenges.

I'm wondering if in order to make this work I will need to convert my Shared Mailbox back to a Single User style Exchange/Office365 account.

 

Thanks!

2 answers

For your JIRA inbox, you shouldn't be using a shared mailbox. You should have a mailbox dedicated to JIRA.

This is what we do here (We use the JEMH plugin to handle our incoming emails because we have more specific needs, but that applies to a Service Desk mail handler too)

  1. We have a mailbox called jira@[company].com. It has a login/password.
  2. We set up a mail server from that mailbox in JIRA's Administration / System / Incoming Emails.
  3. We created a handler to map emails received in that mailbox to a specific JIRA project depending on a catched email destination (we use a different distribution list for each customer company, but the emails all end up in the same JIRA mailbox)

In your situation, maybe you would like a forward of these email tickets to your shared mailbox, but I rather think it's unnecessary. Better to rely on JIRA's notifications when the tickets are created to avoid duplicates.

 

Realise this thread is over a year old but just in case anyone else finds themselves here whilst looking for a way to connect to shared mailboxes.

We used to do it the way that Nicholas did, multiple distributions groups to a single standard mailbox and then handlers to process each email address and route the ticket to the appropriate service desk project. We've now switched so we have a single licensed Office 365 account for outbound and individual shared mailboxes per project / service desk which allows us to use the service desk handler as recommended.

Set up is as follows

  1. Standard licensed mailbox with login and password that is used as the outbound mail server in the global mail settings (jira@[company].com)
  2. Each service desk has its own shared mailbox without a username and password. The jira@[company].com account is granted Full Access and Send As rights to each shared mailbox.
  3. When configuring the Email request section of the service desk settings set the email address to the address for the shared mailbox.
  4. In the username box set it as jira@[company].com\<Shared Mailbox Alias>
  5. Password is the password for the jira@[company].com mailbox.

That should allow you to download mail from your shared mailbox using the service desk handler. It also means that we only pay for one Office 365 account as the shared mailboxes are free so we can set up as may of these as we need without additional subscription costs.

Good morning,

I try to follow your suggest but it doesn't work.

I can't set the user name in the way explained at a point 4.

 

Hi, what Ian is refering to is have a shared mailbox automatically forward an E-mail to an actual inbox that does have a password (full mailbox account).

And this full mail account should be integrated into Jira.
This way you can still have mail adresses specifically for the client (aliases / shared boxes)

Not sure how  point 4 worked for anyone :-)

In the username box set it as jira@[company].com\<Shared Mailbox Alias>

In my case I could authenticate to jira@[company].com but not with \<Shared Mailbox Alias>

What worked for me is resetting the shared mailbox password, and logging in via Shared Mailbox Alias@[company].com

Hi Marcin,

Point 4 is actually pretty straight forward, you're authenticating with the account that's been granted access to the shared mailbox using that accounts details. 

MS actually recommend that you block direct sign in on shared mailboxes. To quote the guide on creating shared mailboxes (https://docs.microsoft.com/en-us/office365/admin/email/create-a-shared-mailbox?view=o365-worldwide) 

"Every shared mailbox has a corresponding user account. Notice how you weren't asked to provide a password when you created the shared mailbox? The account has a password, but it's system-generated (unknown). You aren't supposed to use the account to log in to the shared mailbox.

But what if an admin simply resets the password of the shared mailbox user account? Or what if an attacker gains access to the shared mailbox account credentials? This would allow the user account to log in to the shared mailbox and send email. To prevent this, you need to block sign-in for the account that's associated with the shared mailbox."

Whilst your method works it's not secure and you're increasing the foot print of accounts that a malicious user can utilise to send email from your organisation. What do you do when someone leaves? change any shared mailbox password they may have had access to and then go round updating anything and everyone that still needs access to that resource? Far better to turn off the ability to log in to it at all and use the access permissions for their intended purpose.

Just to make sure before replying to this I set up a new service desk following my original posts steps to configure the email settings and can confirm it still works, the shared mailbox that SD is pointed at has logon blocked as per MS recommendations. Service Desk wise we're on 4.0.2 some of the earlier version complain when you set this up that the mailbox is not empty (that wasn't the case when I first posted but became an issue with one of the updates) that seems to have been resolved now. (There's a work round for that issue as well but given that it's working now without fiddling and the work around invovles altering the database entries for the service desk it's not worth detailing)

Ian.

Authenticating as jira@[company].com\<Shared Mailbox Alias> simply doesn't work.

Marcin,

Given that as of today I have 9 desks set up exactly this way I can confirm not only does it work but it's actually straight forward to set up, I've been doing this way since we added the second service desk several years ago. 

I'm wondering if we're talking at cross purposes this is purely the set up for the service desk inbound email configured from within the project settings under email requests. This is also a server install of Jira rather than the cloud offering, I have no idea if it applies to the cloud version. Outbound email in the global config is using a licensed O365 account that's been granted full access permissions to each of the specific projects shared mailboxes and the config for each service desks email email requests has been set up exactly as I described.

If it makes a difference we're using secure pop.

Iain.

Thanks for your pointers Ian. I'm using IMAPS and getting auth denied. Will try POP3S. Failing that will try latest Service Desk. 

Many thanks for your time with me here. Cheers!

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Calling all Jira Cloud users! Give us feedback on our exploration of a new navigation.

Hi everyone! My name’s Matt and I’m a product manager at Atlassian. I work in the navigation & findability space for all our Jira Cloud products. We’ve been working on trying to improve the exp...

913 views 14 12
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you