Securing Jira REST APIs using JWT Tokens for JPMC

API Security for Jira REST APIs using API/OAuth Token

Secure Jira REST API with certificate-based authentication using the miniOrange REST API Authentication add-on.

JPMorgan Chase & Co. (JPMC) is a multinational investment bank and financial services company that offers a wide range of banking and financial solutions to individuals, corporations, governments, and institutions worldwide.

Supported use cases and their solutions with our REST API add-on

JPMC sought to bolster the security of their JIRA instance, recognizing the inherent weaknesses of password-based authentication and the potential vulnerabilities it posed. Our API Security for JIRA REST API add-on effectively addressed this concern and fulfilled their security requirements.

JPMC had several third-party applications integrated into their JIRA instance. Their JIRA architecture is multilayered and secure, and normal password-based authentication was not suitable. The OAuth provider that they used was not able to perform token-based authentication.

JPMC wanted a more secure way to integrate their applications using a third-party OAuth provider's JWT token.

How does it work?

At first, our add-on did not support their OAuth provider. However, upon receiving a special request, we went above and beyond by tailoring our REST API add-on to their OAuth provider's specific needs. This enhancement allowed us to support their chosen authentication method.

To ensure the security of both internal and external JIRA REST API calls, we implemented reliable third-party JWT token authentication. This authentication mechanism guarantees that any sensitive data being transmitted through the APIs is only accessed by authorized parties. This ensures that data remains protected and confidential throughout its transmission, reducing the risk of unauthorized access or data breaches.

Key benefits:

They had multiple applications in their environment, and the third-party authentication process for them became seamless and hassle-free.

To simplify script integration and automate REST calls for JPMC, we devised a solution tailored to them.

The most important part is that the whole instance became more secure, and passwords without encryption were introduced.

In addition to REST API authentication, miniOrange also offers single sign-on (SSO) and multi-factor authentication (MFA) to enhance security and protect against unauthorized access.
Users can sign into Atlassian applications with your SAML 2.0-capable identity provider. We support all known IdPs: Google Apps, ADFS, Azure AD, Okta, Salesforce, miniOrange, etc.

For JPMC, our product proved to be the best. What about you? If you don’t find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387 to find an answer to your question about Single Sign-On (SSO).