Learn how to synchronize Azure AD Attributes Sync and Azure Active Directory (AD)
Connecting Jira internal directory to Microsoft Azure Active Directory allows you to match user accounts, so that their Azure AD attributes can be displayed in Jira and on the Customer portal.
Obtaining a Tenant ID value from your Azure Active Directory instance is the first step to do that. Below, you’ll find instructions on how to do it.
Tenant ID
Steps
Go to portal.azure.com.
Select Azure Active Directory.
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
In the Overview section navigate to Basic information and copy the Tenant ID value.
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Results
Tenant ID has been copied.
In the next part of this chapter, you’ll learn how to use it to connect the Azure AD Attributes Sync for Jira app with Azure Active Directory portal.
Connecting the app to Azure Active Directory
Warning
We’ve updated the authorization logic. Make sure to follow instruction below, to gain benefits of the new solution.
Benefits of the new authorization logic
With the introduction of the automatic authorization method, we can distinguish several advantages over the previous, manual authorization logic:
Increased safety: The new automatic authorization method enhances the security of your Jira Cloud and Microsoft Azure integration. By leveraging modern authorization protocols and mechanisms, it provides a robust and secure framework, mitigating potential vulnerabilities and safeguarding sensitive data.
No manual API permissions: With the new method, the cumbersome task of manually setting API permissions is eliminated. The automatic authorization streamlines the configuration process by handling the necessary permissions and access controls automatically. This saves time and effort for administrators, ensuring a smoother integration experience.
Elimination of authorization key copying: The new method removes the need to manually copy authorization keys between Jira Cloud and Microsoft Azure AD. It simplifies the setup process, reducing the chances of errors and minimizing potential security risks associated with manual key handling. This simplification promotes a more efficient and hassle-free integration workflow.
Elimination of the client secret: New method completely removes the need of generating the client secret. You no longer have to worry about the expiration date of the client secret.
Info
After updating the authorization method, the app will be added to the Enterprise applications list; the application list under App registrations will remain the same.
Updating the authorization method doesn’t affect the previously registered app. The new app will be used for synchronization, and the old one may be deleted.
Updating the authorization method doesn’t affect end-users in any way.
Quick Guide
Click through the live demo to see how to connect the app to Azure AD. You can find the written instruction below the video.
Connecting for the first time
Steps
To connect Azure AD to Jira:
In Jira, navigate to Jira settings > Apps.
Tip
You can also access the app through the main navigation bar by following: Apps > Azure AD Attributes Sync. This path will take you directly to the Configuration section.
In the Azure AD Attributes section, click Configuration.
Click Add directoryAzure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Type in the directory name, provide primary domain, or tenant ID and click Generate authentication link
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Follow the newly generated link, to authorize the app in the Azure Active Directory. If you are not an Azure AD admin, provide this link to a proper person. Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Note
Note that the app will ask you to configure Azure AD permissions. Here you can learn the details about them.
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
The link will take you (or the Azure admin) to the authorization site in the Azure Active Directory. To finish the authorization process click Accept.
Info
Clicking Accept on the Microsoft Azure side will result in the installation of our app on the Azure instance.
It will be visible in the Azure Enterprise applications section. This is a proper behavior for all marketplace apps.
Results
The Azure AD Attributes Sync for Jira app is connected to Microsoft Azure Active Directory.
Updating connection (connection created before 10.07.2023)
Warning
As the manual authorization method has been deprecated, if a connection was created before 10th July 2023, you will have to update your authorization method.
If you don’t update your method now your connection won’t stop running and data will continue to be exchanged between Jira and Azure Portal, still we strongly recommend updating the authorization method now, for safer and more efficient process.
To update the authorization method:
Steps
In Jira, navigate to Jira settings > Apps.
In the Azure AD Attributes section, click Configuration.
Click Update authorization
Confirm the directory by providing a tenant ID and clicking Generate authentication link
Follow the newly generated link, to authorize the app in the Azure Active Directory. If you are not an Azure admin, provide this link to a proper person.
The link will take you (or the Azure admin) to the authorization site in the Azure Active Directory. To finish the authorization process click Accept.
Info
Clicking Accept on the Microsoft Azure side will result in the installation of our app on the Azure instance.
It will be visible in the Azure Enterprise applications section in Azure Portal. This is a proper behavior for all marketplace apps.
Tip
You can try the live demo below to click through the new setup.
Results
The authorization method has been updated.
Multiple directories
You can include more than one Microsoft Azure directory.
Info
Multiple directories feature follows the logic described below:
Application searches all directories for a user with selected attributes, starting with the topmost directory on the list
Application fetches the data from the first directory that contains given user
Application stops searching the directories at the moment of the first successful mapping
All authorized directories share the same configuration
Steps
Navigate to Jira settings > Apps.
Tip
You can also access the app through the main navigation bar by following: Apps > Azure AD Attributes Sync.>br/>This path will take you directly to the Configuration section.
In the Azure AD Attributes section, click Configuration.
Click Add directory.
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Type in the directory name, provide primary domain or Tenant ID of your Azure instance.
Click Generate authorization linkAzure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Follow the newly generated link, to authorize the app in the Azure Active Directory. If you are not an Azure admin, provide this link to a proper person.
The link will take you (or the Azure admin) to the authorization site in the Azure Active Directory. To finish the authorization process click Accept.
Result
Additional directory has been added to list of your directories:
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Note
You can rearrange the order of your directories with the drag and drop functionality
You can include up to 4 additional directories. After exceeding the limit of 5 directories, the Add directory option will become unavailable
Directories panel
Newly added directories will be visible in the directories panel.
There are two distinguishable directory statuses:
Active - when a directory has been configured properly and the synchronization is running
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Inactive - when a user removes the app from the Azure Active Directory instance, when the user revokes the permission in the Azure Active Directory instance, or when the Azure Active Directory admin does not accept the authorization.
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
You can troubleshoot the inactivity issue by clicking on the generated link, to authorize app in the Azure AD again.
Removing directories
Steps
In Jira, navigate to Jira settings > Apps.
Tip
You can also access the app through the main navigation bar by following: Apps > Azure AD Attributes Sync.>br/>This path will take you directly to the Configuration section.
In the Azure AD Attributes section, click Configuration.
Click on the bin icon next to the directory you wish to remove.
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Click Delete on the confirmation screen.
Azure AD Attributes for Jira - Connecting Azure AD Attributes with Azure AD
Results
The directory has been removed. The synchronization of attributes will be stopped, but its configuration will remain intact.
Next up
Now that the connection between Azure AD Attributes Sync for Jira and Azure Active Directory has been established, the next step is to match the users between the platforms. The Matching users chapter provides detailed instructions.
Need help?
If you can’t find the answer you need in our documentation, raise a support request.