Skip to main content
All CollectionsConnectors
Jira Cloud Connector
Jira Cloud Connector

This article covers all information related to Glean’s JIRA connector

Dan Iacono avatar
Written by Dan Iacono
Updated yesterday

Introduction

The JIRA connector for Glean allows Glean to fetch and index content from JIRA, ensuring users can search and access documents with authorized permissions.

  • Authentication: Glean requires the JIRA admin to authenticate to Glean when setting up the Glean crawler app in the Atlassian marketplace.

  • Data Storage: All data is stored in the cloud project within the customer's cloud account, ensuring no data leaves the customer's environment

API Usage

  • Standard API: Glean uses Atlassian’s standard API for JIRA to ingest all data

Integration Features

  • Content Captured: Glean captures JIRA projects, service management, dashboards, and more.

  • Permissions Enforcement: Glean respects all user access permissions, ensuring users only see search results for documents they can access. When a user clicks on a search result, they are taken to the JIRA web application, which enforces the permission.

Versions Supported

The JIRA cloud connector has no specific version limitations, which is Atlassian’s SaaS offering of JIRA in the cloud. Glean supports the JIRA datacenter, a customer-managed deployment with a different connector and separate documentation.

Objects Supported

The JIRA connector supports the following objects:

  • Projects

  • Issues

  • Comments

  • Dashboards

  • Filters

Authentication Mechanism

The Jira/Confluence admin will install an app whose installation url will be present on the Glean setup page. That will be used for indexing the content, and for webhooks .

Connector credentials requirements

The JIRA connector for Glean requires specific permissions to function correctly.

  • Glean requires authentication to the JIRA instance to fetch relevant information.

  • Glean understands all user access permissions and strictly enforces them at the time of the query, ensuring that users cannot see results to which they do not have access.

  • It’s important to note that all data is stored in the cloud project in the customer's cloud account and no data leaves the customer's environment.

  • Glean only requires READ-level permissions. Application vendors may not provide granularity in their permission schemes for read-only access as observed by Atlassian for the listing group permissions and issue securit.y

Connection instructions

Disclaimer: The instructions below are updated periodically by Glean on our customer-facing documentation. For the latest instructions, refer to the Glean Admin UI

Connect to Jira Cloud

Required permissions for setup

  • The user setting up this data source must have administrator permissions.

1. Set up the basics

  1. Sign into Jira as an admin. Copy your Atlassian domain from the URL bar and paste into Glean:
    https://YourAtlassianDomain.atlassian.net

  2. Click the 3 dots belonging to the organization matching your Atlassian domain from step 1, then click on Manage product access

  3. Click on Manage access for the Jira Software Product

  4. Enter the default groups (there might be only one) as a comma-separated list in Glean. Only users in the provided product access groups will be able to see results in Glean.

  5. Click Create Forge Crawler App in Glean. This should create an installation link for the Glean crawler app.

2. Connect the Forge Crawler app

  1. As a Jira admin, open the Forge Crawler app installation link from the Glean setup page.

  2. Click on Get app and install the app in the correct Jira instance.

  3. After the app installation is successful, click Save in Glean. You’re all set!

Authentication scope requirements

Glean requires read-only scope.

Items crawled

Content Indexed

  • Projects

  • Issues

  • Comments

  • Dashboards

  • Filters

Identity

  • Users: Information about users within the JIRA

  • Groups: Details about groups within JIRA at the global, project, and issue level

  • Memberships: Information about group memberships at global and project level, indicating which users belong to which groups.

The identity crawl operates with the following configurations:

  • Incremental Identity Crawls: These are performed to capture changes since the last crawl.

  • Full Identity Crawls: These are conducted periodically to ensure all identity data is up-to-date.

Activity

  • Adds: New issues, projects, files, or folders added

  • Updates: Modifications made to existing issues, projects, files, or folders.

  • Permissions Changes: Changes in issues, projects, files, or folders sharing permissions.

  • Deletions: issues, projects, files, or folders that have been deleted.

  • View Activity: Events indicating when an issues, projects, files, or folders has been viewed.

The Glean Activity plugin for Jira helps Glean to provide highly personalized search results for the users. By sending webhook events to Glean each time a user views an issue in Jira, the plugin enables Glean instance to gather valuable information that is crucial to delivering an outstanding search experience. This information is stored securely in your dedicated cloud project, ensuring complete privacy and protection of your data.

Rate Limits

  • Queries per Second (QPS): The default rate limit is set to 12 queries.

Update frequency

Content updates for the JIRA connector in Glean can happen quite rapidly, depending on the type of update and the configuration settings. Here are the key areas:

  • Activity Reports: Adds, updates, and permissions changes are crawled every 10 minutes. This means that any new files, modifications to existing files, or changes in sharing permissions are detected and processed quickly.

  • People / Identity Crawls: Changes to group memberships are picked up by the identity crawl, which runs every hour. This ensures that updates to user groups and their permissions are reflected promptly.

  • Incremental Crawls occur every 3 hours to provide additional reliability beyond the minute-by-minute activity reports.

  • Full Crawls: The frequency of full crawls can be configured, but they are generally less frequent than incremental crawls at 28 days

Changes in data must be crawled, processed, and indexed before the data is reflected in the UI. Actual time may vary depending on the number of changes and corpus size. For the most up-to-date crawler refresh information, please refer to [External] Glean crawling strategy

How the crawl works

The JIRA crawler follows the traditional crawler strategy, including utilizing the JIRA API and the following ways to get and update data:

  • Identity Crawl: updating and adding of People data, including users, groups, and other information

  • Activity Crawl: Adds, updates, and permissions changes to content

  • Webhooks: are messages sent by the application to notify Glean of changes in real-time, and then Glean either initiates crawl or picks up the change on the next crawl

  • Content Crawls: Full crawls the entire defined scope of the application, whereas incremental crawls only capture the changes from the previous full or incremental crawl

Known Limitations in Crawl

  • The crawl speed can be affected by the rate limits imposed by the JIRA API

  • The Glean JIRA connector cannot read restricted pages unless the admin grants access to the Glean app for those pages. This means that restricted pages will not be indexed or searchable by default.

API endpoints

Purpose

Cloud Endpoint

Cloud level Permission

OAuth 2.0 scopes required & recommended

Connect app scope required

Description

Get all dashboards

None

Classic: read:jira-work

READ

Returns a list of dashboards owned by or shared with the user. The list may be filtered to include only favorite or owned dashboards

Get dashboard

None

Classic: read:jira-work

READ

Returns a dashboard for the user

Get users from group

Browse users and groups global permission or Administer Jira global permission

Classic: manage:jira-configuration

ADMIN

Returns a paginated list of all users in a group

Find groups

Browse projects project permission

Classic:

read:jira-user

READ

Returns a list of groups whose names contain a query string

Get issue

Browse projects project permission

Classic: read:jira-work

READ

Returns the details for an issue

Get issue security level members

Administer Jira global permission.

Classic: manage:jira-configuration

ADMIN

Returns issue security level members: identifying which users, groups, or roles have access to issues under specific security levels within classic projects

Get project

Browse projects project permission

Classic: read:jira-work

READ

Returns the project details for a project.

Get project issue security scheme

Administer Jira global permission or the Administer Projects project permission.

Classic: manage:jira-configuration

READ

allows you to understand the security configurations governing issue visibility within that project

Get assigned permission scheme

Administer Jira global permission or Administer projects project permission.

Classic: read:jira-work

READ

permissions granted to users and groups within a project, determining their capabilities such as issue creation, editing, or project administration

Get project role for project

Administer Projects project permission for the project or Administer Jira global permission.

Classic: read:jira-work

READ

retrieves detailed information about a particular project role within a specified project. This includes the role’s description and the list of users and groups assigned to that role, known as “actors.”

Search for issues using JQL

Browse projects project permission

Classic: read:jira-work

READ

Searches for issues using JQL

Get request types

Permission to access the service desk

Classic: read:servicedesk-request

READ

Returns all customer request types from a service desk

Get request type fields

Permission to access the service desk

Classic: read:servicedesk-request

READ

returns the fields for a service desk's customer request type

Get project form index

Permission to access the project

Classic: read:jira-work

READ

Returns all the forms associated with the project

Get form template

Permission to access the project

Classic: read:jira-work

READ

Returns the template aka schema of the form

Search for filters

None

Classic: read:jira-work

READ

Returns a paginated list of filters

Get filter

None

Classic: read:jira-work

READ

Returns a filter

List projects

Browse Projects project permission for the project.

Administer Projects project permission for the project.

Administer Jira global permission.

Classic: read:jira-work

READ

Returns a paginated list of projects visible to the user

Access email addresses

N/A

read:email-address:jira

ACCESS_EMAIL_ADDRESSES

Returns a user's email address regardless of the user's profile visibility settings. For Connect apps, this API is only available to apps approved by Atlassian, according to these guidelines. For Forge apps, this API only supports access via asApp() requests.

Get user groups

N/A

Classic:

read:jira-user

READ

Returns the groups to which a user belongs

Register a webhook

Only Connect and OAuth 2.0 apps can use this operation

Classic:

read:jira-work, manage:jira-webhook

READ

Registers webhooks

Content Configuration

Note: If Inclusion (Green-Listing) options are enabled, only content from the Inclusion category will be indexed. If Exclusion (Red-Listing) options are enabled, all content in the exclusion category will be removed. If both rules are applied to the same content, then the content will NOT be indexed, as exclusion rules take priority.

The rules below should be used MINIMALLY to preserve the enterprise search experience, as most end-users expect to find all content. Most customers do not apply any rules or apply exclusion rules sparingly for sensitive folders.

There may be a delay before the system fully reflects these changes. Furthermore, customers can hide the relevant documents if access has been inadvertently granted to an individual. For detailed guidance on using the “Hide” functionality via CSV upload, please refer to How to Hide Documents via CSV Upload article.

Exclusion (Red-Listing) Options

By entering specific project ID’s in the box within UI, the specified projects will be excluded from being crawled and indexed by Glean.

Note: Exclusion rules are applied automatically after the next full crawl.

Inclusion (Green-Listing) Options

By entering specific project ID’s in the box within UI, the specified projects will be crawled and indexed by Glean (and nothing else)

Did this answer your question?