Who can use this capability
To create or edit a workflow, the following permissions are required:
- You must be a Licensed User in the Smartsheet environment. This includes having Editor permissions or higher on any sheet mapped within the workflow.
- You must have a functional Jira account with adequate access rights to the Jira projects you wish to build a workflow.
Moreover, ensure that the initial connection to the Jira environment has been established through your plan's premium Smartsheet Jira Connector.
If your system admin activates the Restrict Users setting in the Jira Connector, you must also hold the Jira User role in Smartsheet.
Smartsheet Jira connector firewall settings (self-hosted server)
This article provides server and firewall requirements for a self-hosted server on the Smartsheet for Jira connector.
The Smartsheet Jira Connector is available as a premium offering.
If you have the Smartsheet Jira Connector purchased on your plan, use the following URL to log in and create workflows between Smartsheet and Jira: https://connectors.smartsheet.com/c/jira
If you have self-hosted Jira and a firewall protects your Jira Server, you may need to modify the configuration BEFORE setting up a connection between Jira Connector and the Smartsheet. To do so, follow the instructions in this section before completing the Connection setup.
- Jira version 7.2 or higher
- HTTPS connection and valid certificate
By default, Jira uses port 8080 or port 443. As a Jira Administrator can change the port Jira uses, confirm with your Jira Administrator which ports your Jira Server uses.
Enable Smartsheet Jira Connector through the Firewall
Two methods exist to expose your self-hosted Jira Server to the Smartsheet Jira Connector.
Option 1: Allow Connections to Jira
The Jira REST API operates on a custom port of the Apache Tomcat host. You only need to permit access to these specific paths on your Jira server:
You can restrict and prevent Internet connections to all other paths on your Jira Server.
Option 2: Reverse proxy
When you use a reverse proxy, configure Jira to recognize it for accurate URL and address handling. An: OAuth Signature Rejected error during setup may indicate the need for this configuration; see Atlassian's documentation.
Firewall error messages and FAQs
Error: Connection refused by Jira host. Please verify that the Jira host URL is correct and accessible.
This error appears if the Connector can't reach your Jira Server or if you've entered the Public and Consumer Keys incorrectly. Ensure the Jira Server REST API is accessible from the internet and uses an HTTPS-enabled port like 8080 or 443. HTTP is not supported.
Error: Unable to find a valid SSL certificate on the Jira host. Please have your Jira Administrator install a valid certificate (note that expired certificates are considered invalid).
This error occurs if your self-hosted Jira Server lacks a valid SSL certificate from a trusted authority. Common reasons for invalidity include:
- The certificate is not installed correctly.
- The intermediate certificate chain is missing.
- The certificate is from a trusted authority but may be signed by an untrusted authority.
If your Jira Server is publicly accessible, you can use a third-party SSL test tool (for example, SSL/TLS server assessment service provided by Qualys SSL Labs ) to verify the certificate's installation. Contact your certificate provider for help with any errors or missing components.
Are there IP addresses used with Jira I can add to the Allowlist in our firewall?
Adding specific IP addresses to the Allowlist of your firewall does not significantly improve security. Instead, add Smartsheet's DNS A record at aws.relay.smartsheet.com to your Allowlist; this record resolves to the Jira Connector's outgoing IP.
Smartsheet advises against resolving this DNS record to its underlying IPs for your Allowlist. IP changes can disrupt Smartsheet's ability to connect to your Jira Server. Using the DNS record ensures ongoing connectivity even if the IP addresses change.