Uploaded image for project: 'Atlassian Product Integrations'
  1. Atlassian Product Integrations
  2. API-747

Support for NAA in Outlook

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Jira Cloud for Outlook
    • None

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      With the deprecation of tokens within Outlook: https://devblogs.microsoft.com/microsoft365dev/updates-on-deprecating-legacy-exchange-online-tokens-for-outlook-add-ins/ it would be great if the Jira Cloud for Outlook add-in had a solution that doesn't utilize exchange online user identity tokens and callback items and uses Nested App Authentication (NAA) instead.

      Workaround

      Currently, there is no known workaround for this behavior. A workaround will be added here when available

          Form Name

            [API-747] Support for NAA in Outlook

            Pinned comments

            Pinned by Samyak Mehta

            Samyak Mehta added a comment - - edited

            Hi all,

            We have started rolling out support for NAA to our customers gradually. 
             
            What can we expect?

            1. Users may be asked to login again using Microsoft - This is normal. The add-in requires new NAA access tokens instead of the old cached identity tokens, so users may be asked to sign in again using their Microsoft login.
            2. The add-in requires admin grant to run - This is non optional. Adoption of NAA requires Microsoft admins to approve the add-in. They can do so for the entire org by following the steps here. Refer to the "Grant tenant-wide admin consent in Enterprise apps" pane section.
            3. Users may be asked to grant mailbox permissions - The add-in requires Graph API permissions to which the users may have to consent to continue uploading attachments to Jira.

            Note: After the login and admin consent, if the add-on still does not work, please ask the users to re-install the add-in as there may be some Microsoft cache at play.

            Thanks!

            Samyak Mehta added a comment - - edited Hi all, We have started rolling out support for NAA to our customers gradually.    What can we expect? Users may be asked to login again using Microsoft  - This is normal. The add-in requires new NAA access tokens instead of the old cached identity tokens, so users may be asked to sign in again using their Microsoft login. The add-in requires admin grant to run -  This is non optional. Adoption of NAA requires Microsoft admins to approve the add-in. They can do so for the entire org by following the steps here . Refer to the " Grant tenant-wide admin consent in Enterprise apps" pane  section. Users may be asked to grant mailbox permissions -  The add-in requires Graph API permissions to which the users may have to consent to continue uploading attachments to Jira. Note: After the login and admin consent, if the add-on still does not work, please ask the users to re-install the add-in as there may be some Microsoft cache at play. Thanks!

            All comments

            Pinned by Samyak Mehta

            Samyak Mehta added a comment - - edited

            Hi all,

            We have started rolling out support for NAA to our customers gradually. 
             
            What can we expect?

            1. Users may be asked to login again using Microsoft - This is normal. The add-in requires new NAA access tokens instead of the old cached identity tokens, so users may be asked to sign in again using their Microsoft login.
            2. The add-in requires admin grant to run - This is non optional. Adoption of NAA requires Microsoft admins to approve the add-in. They can do so for the entire org by following the steps here. Refer to the "Grant tenant-wide admin consent in Enterprise apps" pane section.
            3. Users may be asked to grant mailbox permissions - The add-in requires Graph API permissions to which the users may have to consent to continue uploading attachments to Jira.

            Note: After the login and admin consent, if the add-on still does not work, please ask the users to re-install the add-in as there may be some Microsoft cache at play.

            Thanks!

            Samyak Mehta added a comment - - edited Hi all, We have started rolling out support for NAA to our customers gradually.    What can we expect? Users may be asked to login again using Microsoft  - This is normal. The add-in requires new NAA access tokens instead of the old cached identity tokens, so users may be asked to sign in again using their Microsoft login. The add-in requires admin grant to run -  This is non optional. Adoption of NAA requires Microsoft admins to approve the add-in. They can do so for the entire org by following the steps here . Refer to the " Grant tenant-wide admin consent in Enterprise apps" pane  section. Users may be asked to grant mailbox permissions -  The add-in requires Graph API permissions to which the users may have to consent to continue uploading attachments to Jira. Note: After the login and admin consent, if the add-on still does not work, please ask the users to re-install the add-in as there may be some Microsoft cache at play. Thanks!

            Steve Necovski added a comment -

            I am experiencing the same issue Carl P is as well

            Steve Necovski added a comment - I am experiencing the same issue Carl P is as well

            Carl P added a comment -

            Hi there,

            Unfortunately during this process, it has stopped working for us completely - it displays "Need admin approval" for each of our users who tries to use this add-in.

            Any updates or progress on this would be greatly appreciated.

            Carl P added a comment - Hi there, Unfortunately during this process, it has stopped working for us completely - it displays "Need admin approval" for each of our users who tries to use this add-in. Any updates or progress on this would be greatly appreciated.

            Volodymyr Hensorskyi added a comment -

            Due to limitations previously posed by Microsoft, the NAA approach was unable to fully replace the exchange of tokens, which temporarily halted our migration process. Microsoft has since acknowledged this and has released a new Graph API that enables us to retrieve the necessary information for migration.

            To ensure uninterrupted Outlook integration, Microsoft has added our application to their exclusion list, so there will be no impact on functionality during this transition.

            We are currently evaluating the new endpoint provided by Microsoft and are looking towards completing the migration. We will keep you updated on our progress and notify you once the migration is complete.

            Thank you for your understanding and patience.

            Best regards,
            Volodymyr Hensorskyi

            Volodymyr Hensorskyi added a comment - Due to limitations previously posed by Microsoft, the NAA approach was unable to fully replace the exchange of tokens, which temporarily halted our migration process. Microsoft has since acknowledged this and has released a new Graph API that enables us to retrieve the necessary information for migration. To ensure uninterrupted Outlook integration, Microsoft has added our application to their exclusion list, so there will be no impact on functionality during this transition. We are currently evaluating the new endpoint provided by Microsoft and are looking towards completing the migration. We will keep you updated on our progress and notify you once the migration is complete. Thank you for your understanding and patience. Best regards, Volodymyr Hensorskyi

            Steve Necovski added a comment -

            Will you be updating me when this is resolved?

            Steve Necovski added a comment - Will you be updating me when this is resolved?

              222c2bddefe9 Samyak Mehta
              119d25e0f528 Gabi Paludo
              Votes:
              22 Vote for this issue
              Watchers:
              35 Start watching this issue

                Created:
                Updated: