4: Set Up a Dedicated Access Request Portal in Jira Service Management
To keep access governance requests organized and separate from general IT support, it’s recommended to create a dedicated Jira Service Management (JSM) project for access requests.
How to Create the Access Request Portal:
- In Jira, go to Projects → Create Project.
- Choose the IT Service Management template.
- Name your project (e.g., Access Requests Portal).
Once the project is created, go to Project Settings → Request Types and create the following request types:
- Request Application Access
- Request Access Removal
- Request Access Change (optional based on your use case)
After creating request types, you need to add Custom Fields (List – Single Select):
-
Application: Lists all integrated applications
(e.g., Jira, Okta, AWS, Google Workspace) -
Access Type: Lists access levels
(e.g., User, Admin, Read-only)
These fields will power the automation rules and help route requests to the right approvers based on the selected app and access level.
5: Map JSM Fields and Statuses in the Access Governance Automation App
To fully automate access provisioning workflows, you'll need to map your Jira Service Management (JSM) fields and statuses with the Access Governance Automation app for Jira.
Follow these steps:
- In Jira, go to the miniOrange Access Governance app → Portal Settings.
- Select and map your dedicated JSM project and its relevant request types.
Link Custom Fields:
Map the following JSM fields to their corresponding fields in the app:
- Application → Maps to the integrated application name (e.g., Okta, AWS)
- Access Type → Maps to predefined access levels (e.g., User, Admin)
- Approver User Field → Typically maps to a JSM field like Assignee
Map Jira Ticket Statuses to App Statuses:
To automate the request lifecycle, link your Jira ticket statuses to the app’s internal workflow:
| App Status | Jira Ticket Status (example) | Purpose |
|---|---|---|
| Approved | e.g., "Approved by Manager" | Triggers access provisioning |
| Denied | e.g., "Rejected" | Marks the request as denied |
| Revoked | e.g., "Access Revoked" | Triggers deprovisioning |
| Declined | e.g., "Declined by User" | Marks the request as declined |
Troubleshooting Common Issues
Having trouble setting up the Access Governance Automation app for Jira with Okta? Here are a few steps to help you quickly identify and resolve common setup issues.
Check the following:
- API Credentials: Make sure your Okta token and domain URL are correct and haven’t expired. Confirm that the account used has sufficient permissions.
-
Workflow & Approver Configuration: Ensure that:
- Access rules are properly defined
- Approvers are mapped correctly
- The right request types and custom fields are linked
- Jira Logs: Check Jira’s system logs for detailed error messages or permission-related failures.
- App Status Mapping: Verify that ticket statuses in Jira are correctly mapped to app statuses (e.g., Approved, Denied, Revoked).
Need More Help?
- Refer to the official support documentation
- Or reach out to our support team for personalized assistance
Best Practices
Maximize the efficiency, security, and compliance of your access management workflows by following these recommended best practices:
- Define Clear Access Policies: Ensure that your approval workflows are aligned with your organization's security and compliance policies. Define who can approve which types of requests and under what conditions.
- Regularly Review Audit Logs: Enable and monitor audit logs to track every access request, approval, denial, or revocation. This supports compliance audits and helps identify potential misconfigurations or misuse.
- Implement Role-Based Access Control (RBAC): Configure role-based provisioning so users are granted access based on their job roles or departments. This reduces manual effort, ensures consistency, and prevents over-provisioning.
Did this page help you?