Best practices for integrating with on-premise Jira

Note: This support document is related to integrating with on-premise Jira Server, not Jira Cloud.

Aha! supports an integration with Jira so that releases, features, and requirements created in Aha! can be sent to Jira for an engineering team to work on. The integration uses the Jira REST API to create and update records in Jira while Jira webhooks are used to notify Aha! of changes in Jira. This allows Aha! to keep the feature status and other fields in sync with Jira as defined in your integration configuration. Communication between Aha! and Jira occurs over HTTPS in both directions. 

Data flow 

jira_data_flow.png

Recommendations for network configuration

Following these recommendations is not essential, but doing so improves the usability and security of the integration.

  • Aha! makes asynchronous inbound calls to Jira, so the Aha! data center IP addresses must be whitelisted in any firewall configuration. See "Whitelist IP addresses for on-premise versions of Jira" for current IP addresses.
  • Use split DNS for the Jira server — so the same DNS name can be used for access to Jira both inside and outside the firewall. In API responses that Jira sends, it includes the URL for attachments. If the URL provided by the server is only resolvable from the LAN, then Aha! will not be able to synchronize attachments that were added in Jira to Aha!
  • Use a web proxy for incoming requests to Jira so that the connection from Aha! can be terminated in the DMZ.

Recommendations for secure configuration in Jira

  • Create a new Jira user specifically for the integration with Aha! The credentials for this user will be entered into Aha! Doing so allows permissions to be customized and allows traceability of changes made by integration. All changes made in Jira by Aha! will be attributed to this user.
  • Limit permissions of the integration user to only the projects in Jira that will be integrated with Aha!
  • Use a JQL filter in the webhook configuration to limit the webhook to only send information for projects that are integrated with Aha!

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request
Powered by Zendesk