> ## Documentation Index
> Fetch the complete documentation index at: https://docs.opal.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Jira

> Learn how to connect your Opal instance with Jira.

With Opal, you can sync your engineers' access requests with your Jira support tickets in order to grant access for the lifetime of the support ticket. When the ticket is closed (marked "Done"), access is also revoked. Opal supports Jia Software and Jira Service Management (JSM) projects. For JSM projects, [additional setup](/integrations/jira#jira-service-management) is required.

## Jira Cloud

Use the following steps to integrate Jira with Opal if you use Jira Cloud.

### 1. Create a Jira API token

Opal requires an administrator of your Jira workspace to create a [Jira API token](https://id.atlassian.com/manage-profile/security/api-tokens). Click **Create API token** and record the generated token. You'll use this in the next step.

<img src="https://mintcdn.com/opalsecurity/4Xj9diJ3E3kX-9Xd/images/docs/ef9cb48-Screenshot_2021-01-13_at_10.34.34_AM.png?fit=max&auto=format&n=4Xj9diJ3E3kX-9Xd&q=85&s=5a7e11f814c603e25594b191925302da" alt="" width="1420" height="326" data-path="images/docs/ef9cb48-Screenshot_2021-01-13_at_10.34.34_AM.png" />

### 2. Add your Jira details to Opal

To enable the Jira integration in Opal, go to **Configuration > Settings > Productivity Integrations** in the Opal dashboard.

1. Select **Jira** and enter your Jira workspace name—e.g., if your Jira workspace is `https://jiraworkspace.atlassian.net`, enter `jiraworkspace`.
2. Enter the name of the Jira project you want to integrate.
3. Finally, enter the API token from the previous step.

Once complete, you've successfully integrated Jira with Opal. You can now load and bind Jira tickets from the project name from the Jira workspace you specified.

## Jira Data Center

<Info>Jira 8.14 or later is required.</Info>

Use the following steps to integrate Jira with Opal if you use Jira Data Center.

### 1. Create a Personal Access Token

Opal requires the administrator of your Jira workspace to create a Personal Access Token. Select your profile picture at the top right of the screen, then click **Personal Access Tokens**. Select **Create token**. Give your new token a name. Finally, click **Create** and record the generated token. This will be input in the next step.

<img src="https://mintcdn.com/opalsecurity/CCjTTkaW-43B4efd/images/docs/f67e14c-Screen_Shot_2021-07-29_at_10.48.53_AM.png?fit=max&auto=format&n=CCjTTkaW-43B4efd&q=85&s=5f24988e6c59d7864c18614a773dcd77" alt="" width="1209" height="210" data-path="images/docs/f67e14c-Screen_Shot_2021-07-29_at_10.48.53_AM.png" />

### 2. Add your Jira details to Opal

To enable the Jira integration in Opal, go to **Configuration > Settings > Productivity Integrations** in the Opal dashboard.

1. Select **Jira**, then **Self-hosted**.
2. Enter the URL of your Jira instance, e.g., `https://jira.acme-corp.com`.
3. Enter the name of the Jira project you want to integrate.
4. Finally, enter the Personal Access Token from the previous step.

Once complete, you've successfully integrated Jira with Opal. You will be able to load and bind Jira tickets from the project name from the Jira workspace you specified.

## How it works

For any access request, binding to a support ticket is optional.

After Jira is integrated, when making a request, the option to "Expire access when ticket is closed" can be enabled.

<img src="https://mintcdn.com/opalsecurity/odnvD_MsXBxTor9u/images/docs/80e9c4248ce34d30361b9cd05ce3aecdbab72f22d6cdad6e9966deba1a5cd787-request-access-expire-ticket.png?fit=max&auto=format&n=odnvD_MsXBxTor9u&q=85&s=56811a30bf5571035d1fee469ecfb400" alt="2408" width="2593" height="1484" data-path="images/docs/80e9c4248ce34d30361b9cd05ce3aecdbab72f22d6cdad6e9966deba1a5cd787-request-access-expire-ticket.png" />

By clicking "Search for tickets", a list of Jira tickets will appear, only including tickets which are assigned to you in Jira (the Jira account which corresponds to your Opal email address).

Click on any of these support tickets to attach the ticket to the access request.

By default, an expiration time bound is required when making any access request. After the request is approved, access expiration is determined by the combination of this expiration time bound and the closure of the support ticket. Access will expire according to the minimum of these two events: if the ticket is closed before the expiration time bound is reached, access will be revoked when the ticket is closed. Similarly, if the expiration time bound is reached before the closure of the ticket, access is revoked when the expiration time bound is reached.

If you want to attach an access request to a support ticket, without an expiration time bound, you may select "Indefinite" under the expiration options and bind the request to a support ticket.

## Jira Service Management

Most functionality is the same between Jira Software and Jira Service Managent projects. The key differences are:

1. Ticket links in Opal to Jira Service Management requests will show the requestor-facing URL rather than the agent URL. This requires setting up a request type `Access Change - Opal`.
2. If the access requestor in Opal does not have a Jira account, Opal will attempt to create a Jira customer account.

### Jira Service Management Project Setup

1. **Create an Issue Type: `Service Request - Opal`**

<img src="https://mintcdn.com/opalsecurity/lwwIeFbsleftxaXx/images/docs/bf2283f01b1601c5a52c2da75e019527da65d7c3193b9b4cafe5a36b699b25c3-Screenshot_2025-08-21_at_1.46.23_AM.png?fit=max&auto=format&n=lwwIeFbsleftxaXx&q=85&s=748ff67761761cd3bcda22c81549f356" alt="" width="3456" height="1462" data-path="images/docs/bf2283f01b1601c5a52c2da75e019527da65d7c3193b9b4cafe5a36b699b25c3-Screenshot_2025-08-21_at_1.46.23_AM.png" />

2. **Create a Request Type `Access Change - Opal`.**

Ensure that the Issue Type is `Service Request - Opal` Opal sets tickets to this request type in order to generate the requestor-facing URL. We recommend hiding this request type from the portal in order to separate Opal requests.

<img src="https://mintcdn.com/opalsecurity/E-CmJXh0QNjZUl4g/images/docs/61ae7538e766355b613c9c2a724d945cf2c784f79766101fd678aa3883e98e28-Screenshot_2025-08-21_at_1.50.11_AM.png?fit=max&auto=format&n=E-CmJXh0QNjZUl4g&q=85&s=bb2f9ed3731df31e6e25d80d84f2ecd8" alt="" width="3448" height="1300" data-path="images/docs/61ae7538e766355b613c9c2a724d945cf2c784f79766101fd678aa3883e98e28-Screenshot_2025-08-21_at_1.50.11_AM.png" />

3. **Enable the `Request Type/Customer Request Type` and `Reporter` field on the screens associated with your Issue Type**

In your Project Settings, go to `Screens` and find the one associated with your Issue Type (`Service Request - Opal`). Each operation may be associated with a different screen. If they are different, you will need to update each screen to include both fields.

<img src="https://mintcdn.com/opalsecurity/odnvD_MsXBxTor9u/images/docs/85f5bfde5bf1b5f79a4b24753befd5bb949f40de115a41589b58056912b058b5-Screenshot_2025-08-21_at_1.55.20_AM.png?fit=max&auto=format&n=odnvD_MsXBxTor9u&q=85&s=fac000ea83f261ac1e377e3b2da3e663" alt="" width="2370" height="1690" data-path="images/docs/85f5bfde5bf1b5f79a4b24753befd5bb949f40de115a41589b58056912b058b5-Screenshot_2025-08-21_at_1.55.20_AM.png" />

<Info>
  For Jira Cloud customers, the field is `Request Type`.

  For Jira Data-Center customers, the field is `Customer Request Type`.
</Info>

<img src="https://mintcdn.com/opalsecurity/KunPWigry5GIeB5g/images/docs/4540994df37aafc18dd3df2072b541e1b5088e5806cb9c29e3f02f765d54069c-Screenshot_2025-08-21_at_1.57.52_AM.png?fit=max&auto=format&n=KunPWigry5GIeB5g&q=85&s=650c71e8248a42e9e1bf197d549b594a" alt="" width="3316" height="1666" data-path="images/docs/4540994df37aafc18dd3df2072b541e1b5088e5806cb9c29e3f02f765d54069c-Screenshot_2025-08-21_at_1.57.52_AM.png" />

4. **Enable allowing creation of portal-only accounts.** If an Opal email does not exist in Jira, we will attempt to create a customer account.

### Jira Data-Center - Enable portal-only accounts

In your admin settings, go to `Configuration` to enable Public signup.

<img src="https://mintcdn.com/opalsecurity/KunPWigry5GIeB5g/images/docs/4ac1a4c1e9166a21a655a4838869d2a5c38ad640647fd84439fb915826bb7d31-Screenshot_2025-08-21_at_2.05.19_AM.png?fit=max&auto=format&n=KunPWigry5GIeB5g&q=85&s=8b183d57d9c136488ad1d57553829bf4" alt="" width="2206" height="1208" data-path="images/docs/4ac1a4c1e9166a21a655a4838869d2a5c38ad640647fd84439fb915826bb7d31-Screenshot_2025-08-21_at_2.05.19_AM.png" />

Enable one of `Customers who have an account on this Jira Site` or `Anyone can raise a request on the customer portal`

<img src="https://mintcdn.com/opalsecurity/KunPWigry5GIeB5g/images/docs/4d0921882b881e22122f37b2ef6410414c9b6462d6d649785361a9eb166700b7-Screenshot_2025-08-21_at_2.24.03_AM.png?fit=max&auto=format&n=KunPWigry5GIeB5g&q=85&s=bb01c0b15909228d20505f2b81f6ec56" alt="" width="2210" height="774" data-path="images/docs/4d0921882b881e22122f37b2ef6410414c9b6462d6d649785361a9eb166700b7-Screenshot_2025-08-21_at_2.24.03_AM.png" />

### Jira Cloud - Enable portal-only accounts

In your admin settings, under `Products` -> `Jira Service Management` -> `Customer Access`. Enable `Allow portal-only accounts to be created for new customers` . This is required in case the email address in Opal does not have a Jira account but would still like to make a request. When creating a ticket, Opal will set the requestor in Opal as the reporter in Jira. This will allow the user to see all their tickets in Jira.

<img src="https://mintcdn.com/opalsecurity/odnvD_MsXBxTor9u/images/docs/890ccc4b8c095eca7e200456f309471efeeb84ee683e90833e2e93474f9f0c27-Screenshot_2025-08-18_at_1.59.59_PM.png?fit=max&auto=format&n=odnvD_MsXBxTor9u&q=85&s=d42d5bc382855c32015b6289dfeb1b3b" alt="" width="3452" height="1742" data-path="images/docs/890ccc4b8c095eca7e200456f309471efeeb84ee683e90833e2e93474f9f0c27-Screenshot_2025-08-18_at_1.59.59_PM.png" />

In the JSM project settings, set `Channel Access` to `Open`

<img src="https://mintcdn.com/opalsecurity/odnvD_MsXBxTor9u/images/docs/8dcf03c4454984542de4651eb3049578215a30e3bb10d0a5762a51c3650e58fb-Screenshot_2025-08-18_at_2.05.27_PM.png?fit=max&auto=format&n=odnvD_MsXBxTor9u&q=85&s=13de5c83ceb00e84a3661f99cffb0ebe" alt="" width="3444" height="1612" data-path="images/docs/8dcf03c4454984542de4651eb3049578215a30e3bb10d0a5762a51c3650e58fb-Screenshot_2025-08-18_at_2.05.27_PM.png" />

4. **Enable service accounts to modify the `Reporter` field on a JSM ticket**

In your Jira admin settings, go to `Work Items` -> `Permission Schemes` -> Click on the `Permissions` tab of associated with your JSM project

<img src="https://mintcdn.com/opalsecurity/odnvD_MsXBxTor9u/images/docs/7b1e5048ab5b5ac12a940a784d10bcfd4c76dc3263d12387bf411a02cbf9898c-Screenshot_2025-08-18_at_2.21.52_PM.png?fit=max&auto=format&n=odnvD_MsXBxTor9u&q=85&s=82aa32359dfa090fda0459dcf71797ec" alt="" width="3350" height="1676" data-path="images/docs/7b1e5048ab5b5ac12a940a784d10bcfd4c76dc3263d12387bf411a02cbf9898c-Screenshot_2025-08-18_at_2.21.52_PM.png" />

Ensure that the service account used in Opal is granted the `Modify Reporter`permission through a `Project Role` or `Group`

<img src="https://mintcdn.com/opalsecurity/E-CmJXh0QNjZUl4g/images/docs/5df932753864b8b285b148fe81f32d8f8d5602c2aca70d784c476d6de09d24be-Screenshot_2025-08-18_at_2.23.48_PM.png?fit=max&auto=format&n=E-CmJXh0QNjZUl4g&q=85&s=581471fb2e9b8a4d9d9c2be7749f4141" alt="" width="2764" height="260" data-path="images/docs/5df932753864b8b285b148fe81f32d8f8d5602c2aca70d784c476d6de09d24be-Screenshot_2025-08-18_at_2.23.48_PM.png" />

***