Why does a Jira Administrator need to log in to configure the Smartsheet for Jira Connector?
Smartsheet leverages webhooks, allowing the Connector to receive notifications from Jira about Issues being created or updated in Jira. This also enables the implementation of automatic workflows. Jira's permission model (see the Jira support article on webhooks) dictates the application (in this case, Smartsheet) must have Jira System Administrator credentials to create or configure a webhook with the Jira REST API. Note the following:
- The Jira System Administrator’s credentials are only used to create and configure the webhooks.
- Each time a Licensed Smartsheet user creates a workflow in the Smartsheet for Jira Connector, they are required to log in with their own Jira account using the OAuth protocol. This ensures the permissions already configured in Jira for a user are enforced as they select Jira Projects and fields and attempt to retrieve or edit Jira data from Smartsheet.
- When Smartsheet reads or edits any data in Jira while the workflow runs, even if it's triggered from a webhook notification, Smartsheet uses the credentials of the person who created the workflow.
- All credentials are retrieved from the standardized OAuth protocol. Smartsheet will never have access to any Jira usernames or passwords.
The Jira System Administrator account used to set up the integration must be an active account. If the System Admin is removed from Smartsheet, an error will appear: “Missing user credentials for this endpoint.” When the user recovers their Smartsheet Sys Admin permission, the connection will be restored, and all workflows will sync as expected. If the Admin credentials are removed on the Jira side, you must rebuild the application link because the token will change.
Which Jira data does the Smartsheet Jira Connector access?
Smartsheet only retrieves data specified by a workflow. The workflow creator maps fields from Jira Projects to sheets and columns in Smartsheet.
Smartsheet retrieves certain kinds of metadata, such as the list of all fields in the Jira project selected when the workflow was created. This allows people with access to the Jira Connector and the associated project to map any of the fields available.
Other metadata includes, but isn’t limited to, a list of users in the specified Jira Project, allowing the user to assign an Issue in Jira from inside the Smartsheet application.
All retrieval of metadata and data uses the Jira user's OAuth credentials, not the System Administrator’s credentials. This ensures the user's Jira permissions are enforced as they select projects and fields or retrieve or edit Jira data from Smartsheet.