Setup Guide to integrate Entra ID (Azure AD)

How to Set Up Access Governance Automation App for Jira with Entra ID (Azure AD)

Welcome to the setup guide for the Access Governance Automation app for Jira — your go-to solution for streamlining and automating access requests using Jira Service Management (JSM) and Microsoft Entra ID (formerly Azure AD).

This step-by-step guide will help you:

  • Integrate Entra ID with the app
  • Automate access approvals and provisioning
  • Improve visibility, compliance, and control over access management

By the end of this guide, you’ll have a secure, rule-based workflow in place for handling access requests across your organization — directly from your Jira portal.

App Overview

The Access Governance Automation app for Jira is an advanced solution built on Jira Service Management (JSM) to simplify and automate access request workflows across your organization.

It supports integration with major enterprise platforms, including:

  • Okta
  • Entra ID (Azure AD)
  • AWS
  • Google Workspace
  • Jira, Confluence, Bitbucket, and GitHub

Instead of relying on manual request and approval steps, the app enables:

  • End users to submit access requests through the JSM portal.
  • Automated routing of approval workflows based on predefined rules.
  • Instant provisioning actions once approvals are complete.

By automating these processes, the Access Governance Automation app for Jira ensures secure, policy-driven, and audit-ready access management across your tech ecosystem.

    Try it for free

Pre-requisites

Before you begin, make sure you have the following:

  • Admin access to Jira Service Management (JSM): Required to configure workflows, custom fields, and automation rules.
  • Admin access to Entra ID (Azure AD) portal: Needed to authorize integrations and manage access provisioning.
  • Access Governance Automation app for Jira: Ensure the app is installed from the Atlassian Marketplace and properly licensed via miniOrange.

1: Register an App in Entra ID(Azure AD)

To begin the integration, register a new app in Microsoft Entra ID (formerly Azure AD):

  • Log in to your Azure Portal.
  • Navigate to Azure Active Directory → App registrations.
    • Azure Portal with App registrations options highlighted
  • Click New Registration and fill the following details:
    1. Name: Provide Name for new application, for eg, miniOrange Access Automation App
    2. Redirect URL: Leave blank or enter dummy if required
    • App registrations form inside the Azure Portal
  • After registration, go to the App Overview page and copy the Client ID and Tenant ID.
    • App overview section that lists all essential details such as Client ID and Tenant ID
  • Under Certificates & Secrets → Client secrets, click New client secret.
    1. Add a description and expiration period.
    2. Copy the secret value and keep it on your person (you won’t be able to view it again later).
    • The Certificates & secrets tab inside the miniOrange Access Automation app
  • Navigate to API Permissions and click Add a permission
    1. Select Microsoft Graph → Application permissions.
    2. Add:
      User.ReadWrite.All
      Group.ReadWrite.All
    • The API permissions tab inside the miniOrange Access Automation app
  • Click Grant admin consent to apply these permissions.

2: Integrate Entra ID with the Access Governance Automation App

  • Navigate to the miniOrange App → Application Integration section in Jira.
  • Click New Application, then select Entra ID.
  • Enter the following details from Step 1:
    1. Client ID: The Client ID generated during app registration
    2. Application Token: The Client Secret you created
    3. Directory ID: The Tenant ID from Entra ID
  • Fill in Application Name and Application Owner fields as needed.
  • Click Save, then Test Connection to verify that the integration is successful.
    • Application Integration window with app integration options Application Connection form to help you connect the Workflow app with Entra ID

3: Define Access Rules

  • Navigate to miniOrange App → Application Integration → Access Rules.
  • Create a new access rule for each application you want to manage.
  • Configure the following for each rule:
    1. Access Level: Specify roles like User, Admin, etc.
    2. Access Groups: Define groups such as jira-software-users.
    3. Approvers: Assign the users or groups responsible for approving requests of this type.
  • Save each rule to enable automated access management upon approval.
    • The Configure Access Rules window inside the Access and Governance Automation Workflow app

4: Set Up a Dedicated Access Request Portal (JSM Project) If You Don’t Have One

To keep access requests separate from general IT support tickets, it’s best to create a dedicated Jira Service Management (JSM) project:

  • In Jira, go to Projects → Create Project.
  • Choose the IT Service Management template.
  • Name the project (e.g., Access Requests Portal).
  • Navigate to Project Settings → Request Types and create these request forms:
    1. Request Application Access
    2. Request Access Removal
    3. Request Access Change (optional, if needed)
  • Add custom fields of type List (Single Select) to your request forms:
    1. Application: Populate with integrated apps (e.g., Jira, Okta, AWS)
    2. Access Type: Populate with access levels (e.g., User, Admin)

5: Map JSM Fields and Statuses in the App

  • Navigate to miniOrange App → Portal Settings.
  • Map your dedicated JSM project and its request types within the app.
  • Link your custom Jira fields to the app configuration:
    1. Application
    2. Access Type
  • Connect the custom Approver User field (e.g., Jira’s Assignee field) to enable automatic assignment of approvers.
  • To automate workflows based on ticket progress, map Jira ticket statuses to corresponding app statuses:
    1. Approved: Jira status that triggers approval and access provisioning.
    2. Denied: Jira status that marks the request as denied in the app.
    3. Revoked: Jira status that initiates the access revocation workflow.
    4. Declined: Jira status indicating the request was declined in the app.

This mapping ensures seamless synchronization between Jira ticket updates and automated access governance workflows.

The Customer Portal Configurations window inside the Access and Governance Automation Workflow app

Troubleshooting

If you encounter issues:

  • Verify API credentials and permissions for integrated applications.
  • Check workflow configurations to ensure correct approvers and conditions are set.
  • Review Jira logs for detailed error messages.

For additional assistance, refer to our support documentation or contact our support team.

Best Practices

  • Define Clear Policies: Ensure approval workflows align with your organization’s access policies.
  • Audit Logs: Regularly review audit logs for all access requests and approvals.
  • Role-Based Access: Use role-based provisioning to simplify and standardize access requests.

Did this page help you?

miniOrange Atlassian Contact Us

Book a Free Consultation with
Our Experts Today!

Schedule a call now!


Contact Us