This page is for the Jira Cloud connector.

For information on the Jira Data Center (Jira On-Prem) connector, please see the Jira Data Center Connector page.

Introduction

The JIRA connector for Glean allows Glean to fetch and index content from JIRA, ensuring users can search and access documents with authorized permissions.

  • Authentication: Glean requires the JIRA admin to authenticate to Glean when setting up the Glean crawler app in the Atlassian marketplace.

  • Data Storage: All data is stored in the cloud project within the customer’s cloud account, ensuring no data leaves the customer’s environment

API Usage

  • Standard API: Glean uses Atlassian’s standard API for JIRA to ingest all data

Integration Features

  • Content Captured: Glean captures JIRA projects, service management, dashboards, and more.

  • Permissions Enforcement: Glean respects all user access permissions, ensuring users only see search results for documents they can access. When a user clicks on a search result, they are taken to the JIRA web application, which enforces the permission.

Versions Supported

The JIRA cloud connector has no specific version limitations, which is Atlassian’s SaaS offering of JIRA in the cloud. Glean supports the JIRA datacenter, a customer-managed deployment with a different connector and separate documentation.

Objects Supported

The JIRA connector supports the following objects:

  • Projects
  • Issues
  • Comments
  • Dashboards
  • Filters

Authentication Mechanism

The Jira/Confluence admin will install an app whose installation url will be present on the Glean setup page. That will be used for indexing the content, and for webhooks .

Connector credentials requirements

The JIRA connector for Glean requires specific permissions to function correctly.

  • Glean requires authentication to the JIRA instance to fetch relevant information.

  • Glean understands all user access permissions and strictly enforces them at the time of the query, ensuring that users cannot see results to which they do not have access.

  • It’s important to note that all data is stored in the cloud project in the customer’s cloud account and no data leaves the customer’s environment.

  • Glean only requires READ-level permissions. Application vendors may not provide granularity in their permission schemes for read-only access as observed by Atlassian for the listing group permissions and issue securit.y

Connection instructions

Disclaimer: The instructions below are updated periodically by Glean on our customer-facing documentation. For the latest instructions, refer to the Glean Admin UI

Connect to Jira Cloud

Required permissions for setup

  • The user setting up this data source must have administrator permissions.

1. Set up the basics

  1. Sign into Jira as an admin. Copy your Atlassian domain from the URL bar and paste into Glean:
    https://YourAtlassianDomain.atlassian.net

  2. Go to https://admin.atlassian.com/

  3. Click the 3 dots belonging to the organization matching your Atlassian domain from step 1, then click on Manage product access

  4. Click on Manage access for the Jira Software Product

  5. Enter the default groups (there might be only one) as a comma-separated list in Glean. Only users in the provided product access groups will be able to see results in Glean.

  6. Click Create Forge Crawler App in Glean. This should create an installation link for the Glean crawler app.

2. Connect the Forge Crawler app

  1. As a Jira admin, open the Forge Crawler app installation link from the Glean setup page.

  2. Click on Get app and install the app in the correct Jira instance.

  3. After the app installation is successful, click Save in Glean. You’re all set!

Authentication scope requirements

Glean requires read-only scope.

Items crawled

Content Indexed

  • Projects
  • Issues
  • Comments
  • Dashboards
  • Filters

Identity

  • Users: Information about users within the JIRA

  • Groups: Details about groups within JIRA at the global, project, and issue level

  • Memberships: Information about group memberships at global and project level, indicating which users belong to which groups.

The identity crawl operates with the following configurations:

  • Incremental Identity Crawls: These are performed to capture changes since the last crawl.

  • Full Identity Crawls: These are conducted periodically to ensure all identity data is up-to-date.

Activity

  • Adds: New issues, projects, files, or folders added

  • Updates: Modifications made to existing issues, projects, files, or folders.

  • Permissions Changes: Changes in issues, projects, files, or folders sharing permissions.

  • Deletions: issues, projects, files, or folders that have been deleted.

  • View Activity: Events indicating when an issues, projects, files, or folders has been viewed.

The Glean Activity plugin for Jira helps Glean to provide highly personalized search results for the users. By sending webhook events to Glean each time a user views an issue in Jira, the plugin enables Glean instance to gather valuable information that is crucial to delivering an outstanding search experience. This information is stored securely in your dedicated cloud project, ensuring complete privacy and protection of your data.

Rate Limits

  • Queries per Second (QPS): The default rate limit is set to 12 queries.

Update frequency

Content updates for the JIRA connector in Glean can happen quite rapidly, depending on the type of update and the configuration settings. Here are the key areas:

  • Activity Reports: Adds, updates, and permissions changes are crawled every 10 minutes. This means that any new files, modifications to existing files, or changes in sharing permissions are detected and processed quickly.

  • People / Identity Crawls: Changes to group memberships are picked up by the identity crawl, which runs every hour. This ensures that updates to user groups and their permissions are reflected promptly.

  • Incremental Crawls occur every 3 hours to provide additional reliability beyond the minute-by-minute activity reports.

  • Full Crawls: The frequency of full crawls can be configured, but they are generally less frequent than incremental crawls at 28 days

Changes in data must be crawled, processed, and indexed before the data is reflected in the UI. Actual time may vary depending on the number of changes and corpus size. For the most up-to-date crawler refresh information, please refer to [External] Glean crawling strategy

How the crawl works

The JIRA crawler follows the traditional crawler strategy, including utilizing the JIRA API and the following ways to get and update data:

  • Identity Crawl: updating and adding of People data, including users, groups, and other information

  • Activity Crawl: Adds, updates, and permissions changes to content

  • Webhooks: are messages sent by the application to notify Glean of changes in real-time, and then Glean either initiates crawl or picks up the change on the next crawl

  • Content Crawls: Full crawls the entire defined scope of the application, whereas incremental crawls only capture the changes from the previous full or incremental crawl

Known Limitations in Crawl

  • The crawl speed can be affected by the rate limits imposed by the JIRA API

  • The Glean JIRA connector cannot read restricted pages unless the admin grants access to the Glean app for those pages. This means that restricted pages will not be indexed or searchable by default.

API endpoints

PurposeCloud EndpointCloud level PermissionOAuth 2.0 scopes required & recommendedConnect app scope requiredDescription
Get all dashboardsdashboardNoneClassic: read:jira-workREADReturns a list of dashboards owned by or shared with the user. The list may be filtered to include only favorite or owned dashboards
Get dashboarddashboard/%sNoneClassic: read:jira-workREADReturns a dashboard for the user
Get users from groupgroup/memberBrowse users and groups global permission or Administer Jira global permissionClassic: manage:jira-configurationADMINReturns a paginated list of all users in a group
Find groupsgroups/pickerBrowse projects project permissionClassic: read:jira-userREADReturns a list of groups whose names contain a query string
Get issueissue/%sBrowse projects project permissionClassic: read:jira-workREADReturns the details for an issue
Get issue security level membersissue security schemes/%s/membersAdminister Jira global permission.Classic: manage:jira-configurationADMINReturns issue security level members: identifying which users, groups, or roles have access to issues under specific security levels within classic projects
Get projectproject/%sBrowse projects project permissionClassic: read:jira-workREADReturns the project details for a project.
Get project issue security schemeproject/%s/issuesecuritylevelschemeAdminister Jira global permission or the Administer Projects project permission.Classic: manage:jira-configurationREADallows you to understand the security configurations governing issue visibility within that project
Get assigned permission schemeproject/%s/permissionschemeAdminister Jira global permission or Administer projects project permission.Classic: read:jira-workREADpermissions granted to users and groups within a project, determining their capabilities such as issue creation, editing, or project administration
Get project role for projectproject/%s/role/%sAdminister Projects project permission for the project or Administer Jira global permission.Classic: read:jira-workREADretrieves detailed information about a particular project role within a specified project. This includes the role’s description and the list of users and groups assigned to that role, known as “actors.”
Search for issues using JQLsearchBrowse projects project permissionClassic: read:jira-workREADSearches for issues using JQL
Get request typesservicedesk/projectKey:%s/requesttypePermission to access the service deskClassic: read:servicedesk-requestREADReturns all customer request types from a service desk
Get request type fieldsservicedesk/projectKey:%s/requesttype/fieldPermission to access the service deskClassic: read:servicedesk-requestREADreturns the fields for a service desk’s customer request type
Get project form index/project/projectKey:%s/formPermission to access the projectClassic: read:jira-workREADReturns all the forms associated with the project
Get form template/project/projectKey:%s/form/formId%sPermission to access the projectClassic: read:jira-workREADReturns the template aka schema of the form
Search for filtersfilter/searchNoneClassic: read:jira-workREADReturns a paginated list of filters
Get filterfilter/%sNoneClassic: read:jira-workREADReturns a filter
List projectsproject/searchBrowse Projects project permission for the project. Administer Projects project permission for the project. Administer Jira global permission.Classic: read:jira-workREADReturns a paginated list of projects visible to the user
Access email addressesuser/email/bulkN/Aread:email-address:jiraACCESS_EMAIL_ADDRESSESReturns a user’s email address regardless of the user’s profile visibility settings. For Connect apps, this API is only available to apps approved by Atlassian, according to these guidelines. For Forge apps, this API only supports access via asApp() requests.
Get user groupsuser/groupsN/AClassic: read:jira-userREADReturns the groups to which a user belongs
Register a webhookRegister Dynamic webhooksOnly Connect and OAuth 2.0 apps can use this operationClassic: read:jira-work, manage:jira-webhookREADRegisters webhooks

Content Configuration

Note: If Inclusion (Green-Listing) options are enabled, only content from the Inclusion category will be indexed. If Exclusion (Red-Listing) options are enabled, all content in the exclusion category will be removed. If both rules are applied to the same content, then the content will NOT be indexed, as exclusion rules take priority.

The rules below should be used MINIMALLY to preserve the enterprise search experience, as most end-users expect to find all content. Most customers do not apply any rules or apply exclusion rules sparingly for sensitive folders.

There may be a delay before the system fully reflects these changes. Furthermore, customers can hide the relevant documents if access has been inadvertently granted to an individual. For detailed guidance on using the “Hide” functionality via CSV upload, please refer to How to Hide Documents via CSV Upload article.

Exclusion (Red-Listing) Options

By entering specific project ID’s in the box within UI, the specified projects will be excluded from being crawled and indexed by Glean.

Note: Exclusion rules are applied automatically after the next full crawl.

Inclusion (Green-Listing) Options

By entering specific project ID’s in the box within UI, the specified projects will be crawled and indexed by Glean (and nothing else)

Looking for the original version of this page? You can find the archived version here.

Was this page helpful?