Applies to

Smartsheet
  • Business
  • Enterprise
Smartsheet Advance Package

Capabilities

Who can use this capability

  • Editor
  • Admin
  • Owner
  • System Admin

Smartsheet Jira connector firewall settings (self-hosted server)

This article provides server and firewall requirements for a self-hosted server on the Smartsheet for Jira connector. The Smartsheet Jira Connector is available as a premium offering. If you have the Smartsheet Jira Connector purchased on your plan, log in to start creating workflows between Smartsheet and Jira.

Who can use this?

Plans:

  • Business
  • Enterprise
  • Smartsheet Advance Package

Permissions:

  • Editor
  • Admin
  • Owner
  • System Admin

Find out if this capability is included in Smartsheet Regions or Smartsheet Gov.

Prerequisites

  • Jira version 7.2 or higher
  • HTTPS connection and valid certificate

By default, Jira uses port 8080 or port 443. As a Jira Administrator can change the port Jira uses, confirm with your Jira Administrator which ports your Jira Server uses.


Get started

To create or edit a workflow, you must have Editor permissions or higher and a functional Jira account with adequate access rights to the Jira projects you wish to build a workflow.

Moreover, ensure you’re connected to the Jira environment through the premium Smartsheet Jira Connector. If your System Admin activates the Restrict Users setting in the Jira Connector, you must also hold the Jira User role in Smartsheet.

If you have self-hosted Jira and a firewall protects your Jira Server, you may need to modify the configuration before setting up a connection between Jira Connector and the Smartsheet. To do so, follow the instructions in this section before completing the connection setup.


Enable the Smartsheet Jira Connector through the Firewall

Two methods exist to expose your self-hosted Jira Server to the Smartsheet Jira Connector.

 

Option 1: Allow connections to Jira

The Jira REST API operates on a custom port of the Apache Tomcat host. You only need to permit access to these specific paths on your Jira server:

  • https://<yourJirahost.com>/<context>/rest/* 
  • https://<yourJirahost.com>/<context>/auth/*
  • https://<yourJirahost.com>/<context>/plugins/*

You can restrict and prevent Internet connections to all other paths on your Jira Server.

 

Option 2: Reverse proxy

When you use a reverse proxy, configure Jira to recognize it for accurate URL and address handling. An OAuth Signature Rejected error during setup may indicate the need for this configuration; check out Atlassian's documentation.

Error: Connection refused by Jira host. Please verify that the Jira host URL is correct and accessible.

This error appears if the Connector can't reach your Jira Server or if you've entered the Public and Consumer Keys incorrectly. Ensure the Jira Server REST API is accessible from the internet and uses an HTTPS-enabled port like 8080 or 443. HTTP is not supported.

Error: Unable to find a valid SSL certificate on the Jira host. Please have your Jira Administrator install a valid certificate (note that expired certificates are considered invalid).

This error occurs if your self-hosted Jira Server lacks a valid SSL certificate from a trusted authority. Common reasons for invalidity include: 

  • The certificate is not installed correctly.
  • The intermediate certificate chain is missing.
  • The certificate is from a trusted authority but may be signed by an untrusted authority.

If your Jira Server is publicly accessible, you can use a third-party SSL test tool (for example, SSL/TLS server assessment service provided by Qualys SSL Labs) to verify the certificate's installation. Contact your certificate provider for help with any errors or missing components.

Are there IP addresses used with Jira I can add to the Allowlist in our firewall?

Adding specific IP addresses to the Allowlist of your firewall doesn't significantly improve security. Instead, add Smartsheet's DNS A record at:

  • aws.relay.smartsheet.com (for US)

    or

  • aws.relay.connectors.smartsheet.eu (for EU)

This record resolves to the Jira Connector's outgoing IP.

Smartsheet advises against resolving this DNS record to its underlying IPs for your Allowlist. IP changes can disrupt Smartsheet's ability to connect to your Jira Server. Using the DNS record ensures ongoing connectivity even if the IP addresses change.

However, if you want to use IP addresses, you can add the following:

US CommercialEU Commercial
98.80.23.123
54.157.54.169
52.204.43.171
34.227.211.250
54.235.179.6
3.224.32.218
98.80.45.99
98.80.158.43
54.159.146.16
52.5.43.47
98.80.22.69
107.20.173.108
3.139.159.141
3.138.57.194
52.15.39.139
3.16.179.80
3.16.201.183
3.14.89.245
3.140.222.51
3.140.168.101
54.93.118.54
3.126.112.245
3.73.171.120
18.184.190.206
18.196.67.16
18.196.132.133
3.123.123.251
3.72.163.85
52.209.63.161
54.73.146.126
108.128.215.0
54.220.119.129
54.72.92.127
63.33.121.81
54.76.4.106
52.17.24.48