We have Jira (on-prem) access configured through Okta SSO as the identity provider (IdP).
This works well for accessing the Jira tool through Okta sign-in.
However, I want to access the Jira REST API to integrate another tool with Jira. I cannot use Basic Auth because I do not have a Jira username/password (we have SSO through Okta).
What is the process to call Jira APIs through Okta SSO? Kindly help on this.
I understand that your Jira server instance is integrated with an Okta SSO system to handle authentication, and in turn you are trying to figure out how to best integrate another application using the REST API of Jira now.
The use of the REST API in Jira server has two possible methods for authentication:
The use of basic authentication could be restricted in some SSO setups with Jira. This is because Jira can be configured to use a different authenticator. When this happens, in most cases Jira is no longer handling the authentication aspect, but instead Okta is. You could potentially reconfigure Jira to still handle these basic authentication requests, which would permit the use of basic auth in REST again, but it's not commonly done this way because the fear is that it makes Jira less secure and that the use of Okta is being bypassed here.
One alternative here is to use OAuth authentication instead. The major benefit of this approach is that it is much more secure than basic auth will ever be. The major drawback of that approach is that it is considerably more complex to set up and requires you to use some additional code in order to handle the handshakes, aka Doing the OAuth Dance. Sometimes, admins who want to make this integration are not necessarily prepared to add code to their other application to complete this integration.
This same problem above is also summarized in a partner's guide, which might be a helpful alternative explanation: https://wiki.resolution.de/doc/saml-sso/latest/all/knowledgebase-articles/technical/using-the-atlassian-product-s-rest-api-with-saml-sso-enabled.
Another alternative that appears to bridge the gap between these two approaches is the use of a paid 3rd party plugin for Jira, such as API Tokens for Jira. This approach appears to be slightly more secure than basic auth, and less complex to set up than OAuth. Atlassian natively provides this kind of API Token ability already for Atlassian Cloud products, however Jira Server does not have this functionality out of the box right now. I have not utilized this particular plugin myself yet, but perhaps this could be one possible solution for yourself or others that might have an SSO, SAML, Okta integration already set up with Jira.
I hope this helps.
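Added example, not part of the original answer: the request-signing code that the "OAuth dance" mentioned above requires, sketched in Python. It assumes Jira Server's built-in OAuth 1.0a with RSA-SHA1 signatures configured through an application link; the host, consumer key and helper names are placeholders, and `rsa_sha1_signer` assumes the third-party `cryptography` package.

```python
import base64, secrets, time
import urllib.parse as up

def pct(s):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded
    return up.quote(str(s), safe="-._~")

def base_string(method, url, params):
    """Signature base string (RFC 5849 section 3.4.1).
    Assumes the URL does not spell out a default port (:443 / :80)."""
    parts = up.urlsplit(url)
    # Query-string parameters are signed together with the oauth_* ones
    pairs = up.parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def auth_header(method, url, consumer_key, sign, token=None, extra=None,
                nonce=None, timestamp=None):
    """Authorization header for one signed request. `sign` maps the base-string
    bytes to a base64 RSA-SHA1 signature computed with the client's private key."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_signature_method": "RSA-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    if token:
        oauth["oauth_token"] = token
    oauth.update(extra or {})  # e.g. oauth_callback / oauth_verifier during the dance
    # The signature covers every parameter except oauth_signature itself
    oauth["oauth_signature"] = sign(base_string(method, url, oauth).encode())
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))

def rsa_sha1_signer(pem_bytes):
    # Assumes the third-party 'cryptography' package is installed
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding
    key = serialization.load_pem_private_key(pem_bytes, password=None)
    return lambda data: base64.b64encode(
        key.sign(data, padding.PKCS1v15(), hashes.SHA1())).decode()

# Constructed values: the host is a placeholder for your own Jira base URL.
JIRA = "https://jira.example.com"
REQUEST_TOKEN_URL = JIRA + "/plugins/servlet/oauth/request-token"
```

The same `auth_header` call signs all three legs (request token, access token, and the final REST call with `token` set to the access token); only the private key matching the public key registered in the application link can produce a signature Jira accepts.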
You can use the app REST API Access using OAuth/OIDC to access Jira's REST API using Okta. You can simply set up an OAuth flow with Okta and use its access token to use Jira's API. It works in these 2 simple steps:
You can follow this step by step guide to set up the app:
If you need any assistance in setting this up, you can reach out to us at firstname.lastname@example.org. We'll set up a call to assist you in setting this up.
PS: Full disclosure, I work for miniOrange.