monday.com logo
monday logo
Learning Resources by monday.com
Help Center
Tutorials and how-to guides for using monday.com
Academy
Interactive courses and webinars that will make you an expert
What’s new
Latest feature releases, improvements, and updates
Video Tutorials
Manage and collaborate on
team projects and tasks from
one place
API Documentation
Technical documentation that gives you the control
Get expert help
Hire a monday.com expert to optimize your workflows
Community
Become part of our community
Community forum
Learn with fellow monday.com enthusiasts
Local facebook communities
Join this community to find monday.com members near you
Global facebook communities
Join one of your most active social communities - the global monday group
Developer community
Share thoughts and questions with like-minded professionals who speak your language
Non Profit community
Give back to the community by working with a NGO or non-profit. Join our exclusive program
Support
Contact sales
Get started
What can we help you with?
  1. Support
  2. Connect & Automate
  3. Integrations
Security & IT: Jira Integration
    Was this article helpful?

    Security & IT: Jira Integration

    4 min read
    Feature

     

    At monday.com, security is a top priority. We want to make sure you're confident when you build out your workflow with us. This article will answer frequently asked questions about the security and IT implementation of the Jira cloud and server integration.

     

    The basics

    Who is the developer for the Jira Integration?

    The developer of the Jira Integration (both Jira cloud and server) is monday.com.

     

    What party originates the required network connection?

    While we're the one who originates the connection, both parties need to participate in order to create the connection successfully.

     

    Authentication

    How is authentication handled in this service?

    It's a token based authentication, where the user is entering their JIRA creds to monday.com, and from that moment forward the interaction between the two parties is being managed using an access token.

     

    For Jira server, does monday.com have a binary agent to install in our network which will manage the security components automatically?

    No. The Jira server configuration is based on typical HTTPS communications and any additional security filtering needs to be implemented on the user’s network firewall.

     

    Do you use CAL for logging or have you implemented your own logging system?

    We have implemented a SIEM solution, to which we stream logs from our NIDS, traffic logs from edge locations, and general authentication and authorization logs, both from the application itself as well as from infrastructure resources. Security events are regularly reviewed by a managed SOC team and are addressed in accordance with their severity.

     

    For Jira server, how can we setup integration with Jira when our Jira instance is behind a firewall/ VPN?

    There has to be some kind of access from the internet in order to integrate with Jira server or any 3rd party.

    Additionally, the following IP ranges need to be unblocked on your firewall/ VPN in order for the integration to work:

    • 82.115.214.0 / 24
    • This range (containing 256 public addresses 82.115.214.0 to 82.115.214.255) is used by our egress (outgoing) networking to send data out to customers. This range must be whitelisted to accept incoming connections from our infrastructure.
    • There is no way to whitelist our ingress (incoming) IP's, used to receive data from customers (like calling our API's) as we're using Cloudfare as our edge network provider, and they may change IP's at any time. This should not be a problem in most cases.

     

    Permissions

    Why are global admin permissions required?

    We use JIRA's REST API to create Webhooks and in order to do so, the credentials authorized need to be that of the JIRA admin with global permissions.

    image_6__15_.png

     

    What security controls apply? 

    • JIRA cloud: For monday.com<>third party app, for outbound we don’t have any enforcement, and for inbound the data is encrypted using TLS 1.2.
    • JIRA server:  For JIRA Server, it depends on the on premise server and on the person that will create the integration - if the client will type in a base url which uses http, and not https, then the communication will not be encrypted in transit. In general if they use https (ssl), with a valid trusted certificate - then the data will be encrypted on transit.

     

    For Jira server, is the application/API accessible only internally or would it be directly exposed to the internet?

    monday.com is accessible from anywhere and exposed to the internet. Your JIRA server is not, as it an on prem instance. Therefore in order to make these two objects work together, you're being requested to allow requests coming from monday.com (in the external world) to your server.

     

    Data transfer and storage

    What data is transferred?

    The data which is being transferred is based on the mapping defined by the user at the time of the integration configuration. The scopes are issues and projects on jira's end, and items on our end.

    image_6__16_.png

     

    Which data can we access and what can we do with it (read vs write)?

    The answer to this depends on the scopes of the API token:

    • The JIRA integration is a token based integration (not Oauth2), which means we don't ask for specific scopes. Neither monday.com nor the user can control the scopes of the API token. This is based on Jira's settings. Meaning - if some of the permissions are changed after authentication, we have no control over it - whether it will be in adding new API capabilities, or removing them.
    • With the above noted, monday.com will only access the requested data as populated in the recipe. Every time the integration is triggered, it will try to fetch ONLY the relevant data which is mandatory for the sake of the completion of the run. We don't do any unneeded API calls to fetch unused data. 

     

     

     


     

    If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.

    Noy Segal - Quality check

    Comments