Application Access Automation Rule
With the Application Access rule, you can automatically provision access to a connected application when a JSM request is approved. Access can be permanent or time-limited. This guide walks you through creating and configuring the rule from start to finish.
Pre-requisites
- Jira and JSM admin access: You need admin permissions in both Jira and Jira Service Management to create and save rules.
- A connected application: At least one application must already be connected to the Identity Governance app via App Connections. Confirm this before creating a rule.
- A JSM project and request type set up for access requests: You need an existing JSM project with a dedicated request type for application access requests. One request type can only be used by one automation rule, so make sure the request type you plan to use is not already assigned to another rule.
- Your Approved and Rejected workflow status names: Make note of the exact JSM workflow status names for approval and rejection in your project. You will need them when configuring the Access Decision Mapping block.
- A custom field created and added to the request type form: The rule builder only shows fields that are already on the request type form. Before building the rule, make sure the following fields exist on your form.
  - A field for Target Application: Used to capture which application the requester is asking for access to.
  - A date field for access expiry: Required only if you plan to offer time-limited access.
Installation
- Log in to your Jira instance and go to Apps in the top navigation bar.
- Select Explore more apps and search for Identity Governance, Auditing and Access Control via JSM.
- Click Try it free to start a trial, then follow the prompts to install the app.
- Once installed, open the app from Apps in the top navigation bar. You will see the app sidebar with Dashboard, App Connections, Automation, Role Catalog, and Audit Logs.
1: Connect your application
Before creating a rule, confirm your target application is connected.
- In the app sidebar, click App Connections.
- Verify your application is listed and its status shows as connected.
- If it is not connected yet, add it here before continuing.
2: Create an Application Access rule
- Click Create Rule in the top right corner.
- In the app sidebar, click Automation → Access Management.
- On the use case screen, click Application Access.
3: Configure the Project block
The Project block is the trigger for your rule. It tells the app which JSM project and request type to watch.
- In the rule builder, click the Project block to open its settings panel on the right.
- Under Project, select your JSM project from the dropdown.
- Under Request Type, select the request type designated for application access requests.
Once both are selected, the field mapping options in the next block will become available. This block must be completed before any other block will load its fields correctly.
4: Configure Access Definition and Mapping
This block defines how long access lasts and which application the requester is asking to access.
- Click the Access Definition and Mapping block to open its settings panel.
Access Duration
- Select Permanent if access should not expire.
- Select Temporary if access should expire on a set date. A date field will appear; map it to the expiry date field on your JSM request form. The requester will need to fill in a date on every request; this field is never pre-filled automatically.
Target Application
- Under Target Application (from access request), select the JSM field where the requester specifies which application they want access to.
Once approved, the app will automatically retrieve the entitlements for that application from your App Connection configuration and provision access accordingly.
5: Configure the Approval block
- Click the Approval block to open its settings panel.
- Under Assignee Users Field, select the field that defines who the approver is for requests of this type.
- Under Add Users, search for and add any specific Jira users who should be able to approve requests.
- If you want only the ticket assignee to be able to initiate the access request, toggle Only Assignee can Initiate on.
6: Configure Access Decision Mapping
This block tells the app what to do when a request is approved or rejected.
- Click the Access Decision Mapping block to open its settings panel.
- Under Approval Status (JSM), select the JSM workflow status that means the request has been approved. When a ticket moves to this status, the app will execute provisioning or deprovisioning.
- Under Rejection Status (JSM), select the JSM workflow status that means the request has been rejected. When a ticket moves to this status, no action is taken and the requester is notified via a comment on the ticket.
7: Save the rule
- Click Save Rule in the top-right corner.
Test the rule
Before going live, run a quick test.
- Submit a test request through the JSM portal.
- Move the ticket to your approved status.
- Confirm the requester has been granted access to the expected application.
- Check that a comment was posted on the ticket confirming the outcome.