How to Set Up Access Governance Automation App for Jira with GitHub

Pre-requisites

Before you begin, make sure you have the following:

• Admin access to Jira Service Management (JSM): Required to configure workflows, custom fields, and automation rules.
• Admin access to github : Needed to authorize integrations and manage access provisioning.
• Access Governance Automation app for Jira: Ensure the app is installed from the Atlassian Marketplace and properly licensed via miniOrange.

1: Retrieve GitHub Credentials

Create a GitHub Personal Access Token

The app uses a Fine-grained Personal Access Token to authenticate with GitHub securely for organization invitation actions. This token grants the app the minimum permissions it needs to invite users to your organization.

Follow these steps to generate the token:

• Go to GitHub → Settings → Developer settings → Personal access tokens.
• Click Generate new token under Fine-grained tokens.
• Set a Resource owner to your organization.
• Under Organization permissions, set Members to Read and write. This permission allows the app to send and manage organization invitations.
• Set an appropriate expiration date based on your organisation's security policy and generate the token.
• Copy the token immediately and store it securely. The token is shown only once and cannot be retrieved after you leave this page.

Find Your Organization Slug

The organization slug is the unique identifier for your GitHub organization and is used by the app to direct invitations to the correct organization.

• Open your GitHub organization page in a browser.
• Look at the URL and copy the organization name that appears after github.com.

For example, if your organization URL is https://github.com/my-org, then your organization slug is my-org. This is the value you will enter in Step 3.

2: Connect GitHub to the Access Governance Automation App

With the token and organization slug ready, open the Application Access and Governance Workflow app in Jira and navigate to the GitHub integration configuration screen. Enter the following details:

• Application Name: Used to identify it within the app.
• API Token: Paste the Fine-grained Personal Access Token generated in Step 1.
• Organization Slug: Enter the organization slug identified in Step 2.
• Application Admin: Select the Atlassian user who will be responsible for managing this connection.

Once all fields are filled in, save the configuration and then test the connection.

After Setup

Once the integration is configured, the app automatically handles the provisioning flow. When an access request for GitHub is submitted through the Jira Service Management portal and approved, the user is automatically invited to your GitHub organization, no manual invitation process is required from the admin.

Important Notes

• This integration currently supports organization invitations only. Users will receive a GitHub invitation email upon approval of their access request.
• Future versions of the app will extend this to support removing users from the organization and managing team-level membership.

3: Portal Config — Set Project, Request Type, Fields, Statuses for Access Requests

Configure the Jira project, request type, fields, and status names used by access workflows. Complete this before creating automations.

• Jira Service Management Project: Select the JSM project used for access requests.
• Request Type: Select the request type within the chosen JSM project. This determines which custom fields are available.
• Access Level Field: In the selected JSM project and its request type, create a new custom field of type Select list (single choice). Then select that field here. It will store values like "Application Name - Access level".
• Approver Field: Map the custom field that holds the approver for the request raised.
• Status: Map Approved and Denied status names used by your Jira workflows.
• Click Save Settings.

Access Level options are added to your Jira field when you save a workflow. On app rename, related options are removed and recreated automatically to reflect the new app name.

4: Define Access Rules for GitHub

Once your GitHub integration is connected, the next step is to define access rules within the Access Governance Automation app for Jira. These rules determine how access requests are routed and approved for your application.

How to Create Access Rules:

• Go to Workflow Automations and click Create New Automation.
• Workflow: Enter a clear name and a short description.

• Access Request:
  1. Select Application.
  2. Enter an Access Level (e.g., L1, L2). When you save the workflow, the system will create the corresponding option in your configured Access Level Jira field, formatted as "Application Name – Access level".
  3. Choose an Approver (licensed, active user). The system stores the user’s accountId and sets it on the Jira issue in the Approver field you selected in Portal Config, when the selected workflow runs for the request.
  4. Enter the Access Group to be granted. This group must already exist in the connected application; otherwise the workflow will not run successfully.
  
• Review and click Save.

After saving, the Access Level option is created automatically if it doesn’t already exist.

5: Review Audit Logs for Compliance and Troubleshooting

Use Audit Logs to search, review, and export activity for troubleshooting and compliance.

• Open Audit Logs.
• Apply filters (Category, Initiator, Date/Range).
• Click Audit Log Actions to export audit logs as CSV/JSON/PDF.

Best Practices for Admins

Maximize the efficiency, security, and compliance of your access management workflows by following these recommended best practices:

• Use service accounts for provider tokens; rotate them regularly.
• Keep Portal Config consistent (fields and status names) across projects.
• Always test connections after credential changes.
• Name workflows clearly (e.g., "GitHub – HR L1").
• Review Audit Logs periodically and export for audits.