This article contains the answers to the most popular questions in regard to how our Jira Cards integration is built.
Learn more about Jira Cards in these articles as well:
- Jira Cards
- How to set up and to uninstall Jira Cards
- How to set up webHook for Jira Cards
- Possible issues with Jira Cards and Jira Add-on
Question | Answer |
---|---|
Security |
|
How does the Jira-Miro authentication work? |
The protocol used is OAuth 1.0. Currently, Atlassian supports only this protocol. OAuth 2.0 authorization code grants (3LO) is currently in developer preview. |
Is data secured in transit between Jira and Miro? | We use the TLS security protocol. It encrypts HTTP messages before transmission and decrypts messages upon arrival. We also support mutual TLS for Enterprise plan. |
Do you support mutual TLS? |
Yes, learn more. |
Will Miro retain any of the customer’s Jira data? If yes, how long is the retention period and how will the data be secured? |
Yes, Miro retains the card's data which are added to the board. Also, the data are updated if the webhooks are configured during the Jira Cards plugin setup process. The retention period is unlimited. Only the general Miro security protocols are applied. |
Is there a way we can restrict the information that can be retrieved from Miro? Ie. let’s assume we only want to see the ‘title’ and ‘status‘, can we prevent access to other fields such as ‘description’ or ‘attachment’ to any user in Miro? | We did not find any mention in Atlassian's documentation of how to limit the information to just a few fields. |
Can we have a diagram showing the data flow between Jira and Miro, such as during authentication, normal usage, etc.? | The detailed info can be found in this Jira Developers article. We implement our integration according to Atlassian documentation. |
How is the token handled? |
The token persists for 5 years unless revoked. We cannot change the token's expiration date, as this policy is defined on the Atlassian side. You can revoke the token on the Jira side using web UI. Keep in mind that each new token stops the integration from working and requires reconnecting it on the Miro side (click the Connect button when setting up the integration). |
Is a single access token used for all of the customer’s Jira access, or separate tokens used for individual users? |
Every Miro user who intends to import, create or edit Jira Cards must connect their individual Jira credentials. All of the above actions can only be performed on behalf of individual Jira credentials. |
How are the request tokens, access tokens, private keys, and other OAuth secrets/credentials secured? |
During the integration, only access tokens are used. They are securely stored within the database and are used only on the server-side. The authToken is only used for the webhook. It is not the actual authentication token used by OAuth. Requests are sent over an encrypted connection. The secret key is auto-generated and is associated as per team. |
What endpoints does your integration use? |
POST /rest/webhooks/1.0/webhook |
Will the cards work with Jira Datacenter? | Yes. We are approved by Atlassian and we already have a lot of customers successfully using Jira Cards with Datacenter. The installation procedure is the same. |
What IPs are you using to communicate to the Jira system? |
The list of our static IP addresses can be found here. Note that these are the addresses used only to communicate with the Jira system. Miro app's IPs are dynamic and to ensure that all the functionalities on the Miro boards (including some of those related to Jira cards) perform successfully we ask to add our domains to your allowlist. |
Can we integrate Jira with Miro, but blocking in Miro those Jira issues with Security Level set to "Private"? |
No, that is not possible - Security Levels in Jira do not correlate with Miro. |
General |
|
Can we connect Miro to Jira if we are using a Jira server that is closed off to outside networks/a Jira instance that is available locally only? |
Miro is an online tool, so you can only set up the integration if your Jira is open to the public internet. No workarounds here. |
Can we connect multiple Jira instances to a Miro team? | No, it's one Jira instance per team. |
Will Miro create a webhook per team, per project, or per Miro instance? | Yes, if you use automatic webhooks. A webhook is created during the team authorization with Jira, so the webhooks are created per team. |
Does the Jira Cards plugin support Next-Gen projects? |
Yes, it does. Please note that currently, there is no Epic link/field when creating a Jira Card for a Next-Gen project on Miro's side. |
Are custom Jira fields supported? | Yes, we support almost all custom fields of basic types. If you have a complex data type field, it may not be supported and cause unexpected behavior when updating or creating Jira cards on the board. |
What's going to happen with existing Jira Cards in case we switch to another Jira instance? | Your cards will stay on Miro boards (no data loss) but they will stop updating. |
What's going to happen with existing Jira Cards if we move them from one Project to another on Jira's side? |
Currently, when you move Jira issues from one Project to another in Jira, they no longer update on Miro's side. As a workaround, we suggest you copy a Jira issue URL (Ctrl/Cmd+C) and paste it into a Miro board (Ctrl/Cmd+V). Thus, a Jira Card will show new values and will be updated automatically. |
If a board is moved to another Miro team, what will happen to Jira cards on the board? |
The Jira Cards will stay on the board but no one will be able to modify them (even if the same Jira instance is configured for the target team). When clicking a card, you will see a message: "JIRA Card was imported from another account". If you would like to make the cards editable, please import them to the board anew. |
Is there an additional cost for the Jira Cards integration? |
Jira Cards are available on all paid and Education plans at no additional cost (Starter, Business, Consultant, Education, and Enterprise plans). |
If a user goes to a Miro board and logs in to Jira, will they have access to all the Jira Cards details on the board or only the ones that they are authorized to have access to as per their Jira credentials?
|
The permissions for the Jira Cards integration ensure that users can only create and edit cards in Jira projects that they have access to. |