Optimizing Jira and GitLab Integration: Combining OAuth User Sessions and API Tokens for Improved Access Control


    • Type: Suggestion
    • Resolution: Unresolved
    • None
    • Component/s: DVCS Connector
    • 1

      Currently, Jira is using application integrations from GitLab. GitLab applications are OAuth clients that can be used to create OAuth sessions, with tokens that have permissions to act as the user whose session was created. This setup is particularly useful for integrating with external applications on behalf of a group of users, ensuring they have only the permissions normally granted by the external system.

      However, when it comes to accessing the system at a broader level, this approach has its drawbacks. It tends to be linked to the credentials of a single system operator, without a direct connection to their platform account. Authentication for this broader access is initiated through a browser pop-up, using the operator's external system credentials to establish integrations, which are then tied to their personal account.

      A more effective strategy might involve a combination of these methods. For individual user access, continue using application integrations to display only the external system integrations for which users have permissions. For broader system access, consider using an API token tied to an entity within the external system that is not associated with any specific user. This allows for more precise control over access rights, ensuring smoother integration at the system level without being limited by individual user permissions.

            Assignee:
            Unassigned
            Reporter:
            John Vecchio (Inactive)
            Votes:
            0
            Watchers:
            2
