Security Details on MS Teams Addon for JIRA

Michael Ma December 3, 2019

Our company is considering adding this plugin to enable the integration between JIRA and MS Teams, however we take security seriously and have a few questions we are hoping we can get an answer for:

  • Has Softserve completed a security assessment with Atlassian? If not, are they looking at completing one?
  • There doesn't seem to be information available on the security of the plug-in and what data is accessed, or where it is routed or stored.  Location of where data is stored is a concern for us as certain locations such as Ukraine is designated as forbidden for us. Also if traffic is routed through the Ukraine this would be a major concern for many of our clients who have strict geo-location requirements.  Would it be possible to get hold of more details about how these plug-ins work and where data/traffic between Atlassian and Softserve might be routed and stored?

    Thanks heaps!

2 answers

0 votes
Drew Cottrell February 20, 2020

@SoftServe Support I connected this successfully to test, but don't see your app listed as using my OAuth token, why is that?

SoftServe Support
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 26, 2020

Dear Drew,

Thank you for contacting us! We have received your request and are currently working on it in scope of your ticket.

Best regards,
SoftServe Support Team

0 votes
SoftServe Support
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 3, 2019

Hi Michael,

Thank you for being interested in our products. 

Please be informed that our cloud provider is Microsoft Azure. We host all static files (HTML, CSS, JavaScript files) and RESTful web services under two regions: West Europe (Netherlands) and Central US (Iowa). At the moment user cannot choose in what region to store data, so all user's requests will be served by the closest region to the user. 

To perform an integration between Microsoft Teams and Jira Cloud we have to store in database (we use Azure CosmosDB with read/write replicas in Central US and West Europe) next information:

  1. Active Directory Object Identifier (OID) - unique ID from your organization's Active Directory 
  2. Security context from Jira Cloud Add-on framework (recommended approach by Atlassian Team https://developer.atlassian.com/cloud/jira/platform/authentication-for-apps/ )
  3. Jira Cloud instance URL

Our integration stores only information that is required to map your Microsoft Teams user to Atlassian user and make call to Jira Cloud API on behalf of your user. So, all Jira related data would be stored under Jira infrastructure (AWS) and mapping only information under SoftServe infrastructure (Azure).

We are collecting and storing:

  • OAuth tokens to ensure applications interconnectivity and user authorization and mapping between Atlassian products (Jira, Bitbucket) and Microsoft Teams.
  • Your Jira configuration (Jira url).

We don’t collect, process or store any personal information, including your user name, name and email addresses. We do not store your IP addresses. We identify your location based on IP address, IP address is transmitted to identify the location but not stored. We do not store any project or communication specific data from JIRA, Bitbucket or Microsoft Teams.

Also, we have a privacy policy page with detailed information - https://www.softserveinc.com/en-us/msteams-atlassian-privacy-policy/

As for the Vendor Security Self-Assessment, we are working on its completion. The security self-assessment takes some time to be fully processed and completed. Could you please let us know whether you would like to be informed once it is done? 

We hope this was helpful.

Best regards
SoftServe Support Team

William Wilson September 15, 2021

I would like to see the Security Self-Assessment!

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events