Jira is a popular, highly customizable issue and project management tool.
Better for You, Familiar for Them
By integrating Comply with Jira you can assign compliance work to your workforce in the tool they already use for their day-to-day duties. This saves you having to onboard users on to a new tool and enables your workforce to be productive with the tool they're already familiar with. Comply automatically creates tickets in Jira and syncs their status back when it's updated in Jira. This gives you the full picture of your compliance work in one place, no more digging through Jira when audit times comes.
After you've setup the integration (instructions below), you're ready to start assigning tickets in Jira through Comply.
First, create a Procedure. Proceed through the steps until you get to the status step. Here you're able to select your ticket's destination. The ticket can go to Comply or a Jira project you select from the dropdown. You can also edit a Procedure's destination after the fact.
You can select any Person you track in Comply to be the assignee in Jira, whether they have a Comply user account or not. Comply will try to find this person by their name in Jira and assign them to the issue. If they are not found, the issue will not have an assignee. The created Jira issue will include the guidance, notes, and asset information from Comply. The issue is given two labels specifying it is from Comply and the Ticket Template which you can use to power Jira automations.
The reporter field can be set only if the last person who authorized the Jira integration in Aptible also has the
MODIFY_REPORTER permission for the project in Jira. This permission is part of the default Administrator role in Jira projects. The reporter field will be set to the Person who created the ticket in Comply's corresponding Jira user. If the ticket was not created by a Person (example: created by an integration), then if the ticket has a Person Asset, the Asset Owner in Comply's corresponding Jira user will be set as the reporter. If neither a Person creator nor a Person Asset Owner have corresponding Jira users, the reporter will default to the last authorizer of the integration.
Tickets that are synced to Jira are not editable in Comply. A link to the Jira issue for a ticket is provided for your convenience. Comply will listen to changes in the Jira card's status and mark the ticket Closed when it is marked Done in Jira, giving you a single source of truth for all your compliance work in Comply.
The Jira integration pushes tickets to Jira and then listens for changes to its status. Jira has 3 types of statuses:
- To Do (gray)
- In Progress (blue)
- Done (green)
You may have many statuses in your Jira, but they all are one of these three types. When Comply detects a change to the issue's status it reacts in the following ways:
- When the new status is To Do or In Progress, the ticket is marked Open.
- When the new status is Done, the ticket is marked Closed.
- When an issue is deleted, the ticket is marked Cancelled.
In order for tickets to be tracked as complete in Comply you must have at least one Done status. For Jira Classic projects, you can manage this in Project Settings > Workflows. For Jira Next Gen projects, you can edit the columns on the Board page (the far right column is automatically your Done status).
Which account should I use?
The Jira account integration can be set up as a human user or a service account. The benefit of the human user is you can sock puppet and have the tickets write as the security officer or a more senior team member to bring attention to the tickets. The drawback of a human user is that the person who set up the integration may not really be a logical reporter for some types of tickets. A service account will save one person from being inundated with updates for all tickets created by the integration. if you use a service account we suggest you manage the credentials similar to as you would a human user in a password wallet or similar, as the integration does request admin access. If you change you mind later, there should be no impact on already created tickets if you swap it out the account that has connected the integration.
- Login in to a Jira account with admin level permissions.
- Create an Application Link. Go to Jira Settings > Products > Application Links, enter
https://comply-grc.aptible.com/into the text box, and click Create New Link. Jira may ask you about redirects or validating the domain, if so follow the on screen instructions to move past the validation.
- Fill in Aptible Comply as the application name in the following form and click Save. You do not need to fill out the rest of the form.
- You should now see an Aptible Comply item in the list. Click the pencil icon to edit it. Under the "Incoming Authentication" tab fill in the following values and click save:
Consumer Key: jira-oauth-production
Consumer Name: comply
-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDln4UuUZF3pHTLjlKqj95oPxXA jxgSnUBPUyb226QXGxO04WCr8L9IghqBkHwPCIxQPyWfpFQEqkBEittgSXUg+Psn w9pmqv3C2GKeV9tKcjhwOdunYnDgycTADw8zfmU2mrxmaRiUQb3vRGUcbDbWeCzR eHlwk5GAyVSxxcqzfQIDAQAB -----END PUBLIC KEY-----
- Navigate to the integrations tab in Comply, select the Jira integration, and authorize Comply to connect Jira.
The most common problems when setting up the integration are:
- Not creating an Application Link in Jira as described in the instructions.
- Not using a Jira admin account.
If you receive an error message when trying to sync create your integrated tickets, please check the above items and contact [email protected] if the problem persists.
Updated almost 2 years ago