Integrate Aha! with Jira Server on-premises (integrations 2.0)

Aha! supports an integration with Jira so that records created in Aha! can be sent to Jira for an engineering team to work on. It is a two-way integration, meaning that as teams in Jira comment on issues and move them through the Jira workflow, in Aha! you receive updates.

You can integrate Aha! with many different types of Jira projects, but in this article we will focus on Jira Server, the on-premises Jira offering.

Click any of the following links to skip ahead: 

Integration structure

The integration uses the Jira REST API to create and update records in Jira while Jira webhooks are used to notify Aha! of changes in Jira. This allows Aha! to keep the record status and other fields in sync with Jira as defined in your integration configuration. Communication between Aha! and Jira occurs over HTTPS in both directions. 



Recommendations for network configuration

Following these recommendations is not essential, but doing so improves the usability and security of the integration.

  • Aha! makes asynchronous inbound calls to Jira, so the Aha! data center IP addresses must be allow listed in any firewall configuration using current IP addresses. 
  • Aha! requires a publicly resolvable, valid JIRA Server URL to link to in the integration.
  • Use split DNS for the Jira server — so the same DNS name can be used for access to Jira both inside and outside the firewall. In API responses that Jira sends, it includes the URL for attachments. If the URL provided by the server is only resolvable from the LAN, then Aha! will request attachments from the Jira server domain defined in the integration settings instead of the location of the attachment.
  • Use a web proxy for incoming requests to Jira so that the connection from Aha! can be terminated in the DMZ.


Recommendations for secure configuration in Jira

  • Create a new Jira user specifically for the integration. The credentials for this user will be entered into Aha! during the configuration setup. Doing so allows you to customize permissions, and allows you to trace any changes made by the integrations. All changes made in Jira by Aha! will be attributed to this user.
  • Limit the integration user's permissions to the Jira projects that will be used in the integration.
  • Use a JQL filter in the webhook configuration to limit the webhook to only send information for projects used in the integration.
  • Aha! can recommend a JQL query for you in the Enable step of Jira integrations 2.0. Once you have set up a Jira integration for each of your desired products, click the Generate recommended JQL query link to generate a JQL query based on your enabled Jira integrations. This recommended query ensures that only activities related to integrated projects are sent to Aha! from Jira. If you have projects that you do not wish to be shared with Aha!, then this filter will ensure that data never flows through the webhook.


Add additional security

2.0 integrations with on-premises tools have the option to include a client certificate for added integration security. 

To set a client certificate, open your integration settings and click the More options icon in the upper right, then click Set client certificate. From here, enter the private key and certificate — we recommend creating a private key and client certificate specifically for this purpose — and click Save to save your changes.  

Note: This feature will only provide additional security when the server that Aha! is communicating with validates the certificate. This is usually only possible with customer-configured on-premises integrations. Client certificate authentication is in addition to the standard username and password/token authentication and is not a replacement.


Was this article helpful?
2 out of 2 found this helpful