-
Type:
Suggestion
-
Resolution: Fixed
-
None
-
Component/s: Documentation - All
-
None
PROBLEM STATEMENT
As an Administrator who is trying to update my Jira Mail Server Authentication Settings, I am found lost and confused while trying to generate the correct Oauth2 key and secret in Azure to add to Jira
DESCRIPTION
Administrators have documentation to switch Jira's mail settings from basic to oauth2, however, they are currently required to jump between our amazing documentation to Microsoft's much more technical documentation.
Support is seeing a trend where Microsoft's documentation is too complicated, or confusing, and administrators are reaching out for additional assistance to help generate the oauth2 app in Azure and pull the data back into Jira, in order to complete this update.
IDEA
We should provide basic steps to follow in Azure in order to help administrators generate a new app, oauth2 key/secret, grab the URL, and put it all back into Jira.
This document must have a disclaimer at the top of the page to indicate that the steps could help, and that it's outside of support's scope.
RESEARCH DONE
- The steps required are available at the bottom of this link: https://hello.atlassian.net/wiki/spaces/~7012172c9f6a82b294586b62f765eac10e152/pages/1905114768/Basic+to+Oauth2+-+Microsoft
1. Jira Side: 1. Log in as a user with the JIRA System Administrators with global permission. 2. Navigate to Administration → System → OAuth 2.0 3. Click on Add new integration 4. At the Service provider, select Microsoft 5. Click on Copy at the Redirect URL field 2. In Azure 1. Login to https://portal.azure.com/ 2. Click on App registrations 3. Click on New registration 4. Let's pickup a friendly name so it will be easier to identify 5. Under the "Supported account types" section, choose "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" 6. Under the "Redirect URI" section, let's pickup Web and insert the URL from the step #5 above 7. Click on Register 8. Click on API permissions 9. Click on Add a permission 10. Click on Microsoft Graph 11. Select Delegated permissions 12. Let's select the following permissions: 1. OpenId permissions: offline_access 2. IMAP: IMAP.AccessAsUser.All 3. POP: POP.AccessAsUser.All 13. Click on Add permissions 14. Click on Grant admin consent for ... 15. From the left-hand menu, Click on Certificates & secrets 16. Click on New client secret 17. Choose a description and expiration date 18. Take note of the Value generated (this will be used as the "Client secret" at Jira). This will only be visible one time. 19. Click on Overview 20. Take note of the Application (client) ID (this will be used as the "Client ID" at Jira) 21. Let's go back to Jira and complete the configuration by inserting the following details: 1. Client ID (from step #25 above) 2. Client secret (from step #23 above) 3. Scopes: "https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/POP.AccessAsUser.All" and "offline_access" 22. Click on Save 23. Test the connection 24. If the connection was successful, please proceed 3. Back in Jira: 1. Navigate to Administration → System → Incoming Mail 2. Click on Add mail server 3. At the Service Provider field, let's pick up Microsoft Exchange Online / Outlook (IMAP) 4. At the Username field, insert the email address being used by Jira 5. At the Authentication method field, select the new server created under the OAuth 2.0 menu 6. Click on Authorize 7. Click on Test Connection and ensure it’s successful 8. Click on Save
RELEVANT DATA
- This has also been added to a Community article: https://community.atlassian.com/t5/Jira-Software-questions/Why-can-t-I-connect-to-Microsoft-with-oAuth2-0-setup/qaq-p/1549086
ADDITIONAL NOTES
- Relates to: https://confluence.atlassian.com/jirakb/what-service-provider-do-i-select-for-connecting-to-microsoft-exchange-online-using-oauth-2-0-and-pop3-1108485003.html
- Will need a similar article for Google Mail as well - Will link a new doc update for that
Detailed steps to configure OAuth 2.0 integration with Microsoft Azure
- Mentioned in