Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA Rest api Access with OKTA

ignite_gtia
ignite_gtia September 24, 2019

We have jira (On-prem) access configured through Okta SSO as Identity provider (IDP).

This works well for accessing JIRA tool thru OKTA sign-in

However, I want to access JIRA REST API to integrate another tool with JIRA. I cannot use Basic Auth because I do not have a jira username/password (we have SSO through Okta).

What is the process to call JIRA APIs through Okta SSO.. Kindly help on this. 

Answer
Watch
Like Channing Burgess likes this
8139 views

2 answers

1 accepted

4 votes
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 4, 2019

Hi,

I understand that your Jira server instance is integrated with an OKTA SSO system to handled authentication, and in turn you are trying to figure out how to best integrate another applications using the REST API of Jira now.

The use of the REST API in Jira server has two possible methods for authentication:

The use of basic authentication could be restricted in some SSO setups with Jira.  This is because Jira can be configured to use a different authenticator.  When this happens in most cases, Jira is no longer handling the authentication aspect, but instead OKTA is.  You could potentially reconfigure Jira to still handle these basic authentication requests, that would permit the use of basic auth in REST again, but it's not commonly done this way because the fear is that it makes Jira less secure and that the use of OKTA is being bypassed here.

One alternative here is to use OAuth authentication instead.  The major benefit of this approach is that it is much more secure than basic auth will ever be.  The major drawback of that approach is that it is considerably more complex to setup and requires you to use some additional code in order to handle the handshakes, aka Doing the OAuth Dance. Sometimes, admins what want to make this integration are not necessarily prepared to add code to their other application to complete this integration.

This same problem is above is also summarized in a partner's guide, that might be a helpful alternative explanation https://wiki.resolution.de/doc/saml-sso/latest/all/knowledgebase-articles/technical/using-the-atlassian-product-s-rest-api-with-saml-sso-enabled.

Another alternative that appears to bridge the gap between these two approaches is the use of a paid 3rd party plugin for Jira, such as API Tokens for Jira.  This approach appears to be slightly more secure than basic auth, and less complex to setup than OAuth.  Atlassian natively provides this kind of API Token ability already for Atlassian Cloud products, however Jira Server does not have this functionality out of the box right now.  I have not utilized this particular plugin myself yet, but perhaps this could be one possible solution for yourself or others that might have an SSO, SAML, OKTA integration already setup with Jira.

I hope this helps.

Andy

View More Comments
Jennifer Givens
Jennifer Givens August 18, 2021

 Please disregard my previous question

Like
Reply
0 votes
Ankit
Ankit
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
October 4, 2019

Hi there,

You can use the app REST API Access using OAuth/OIDC to access JIRA's REST API using Okta. You can simply set up OAuth flow with Okta and use it's access token to use Jira's API. It works in these 2 simple steps:

  1. Fetch access token from Okta
  2. Use this access token in Jira REST API Authorization header.

You can follow this step by step guide to set up the app:

http://plugins.miniorange.com/guide-to-setup-rest-api-authentication-jira 

If you need any assistance in setting this up, you can reach out to us at info@xecurify.com. We'll set up a call to assist you in setting this up.

Thanks,

Ankit Ahuja

 PS: Full disclosure, I work for miniOrange

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events