Bloomfilter Security

Jira

OAuth 2.0

Bloomfilter uses a standard three-legged OAuth 2.0 flow to connect to Jira. Once an authorized Jira user grants Bloomfilter access to their Jira instance, Bloomfilter connects to Jira on that user’s behalf and automatically retrieves the data needed for analysis. This user is considered an admin user, from Bloomfilter’s perspective, since it must have access to all projects available to Bloomfilter. It is best practice that the account used for this connection have limited permissions; Bloomfilter mainly relies upon read access, and write access is only requested to enable posting of comments.

An admin user in Bloomfilter need not have admin access in Jira; in fact, they should NOT have deep Jira permissions.

If the admin user’s access to Jira is revoked, then Bloomfilter will no longer be able to pull fresh data from Jira. Additionally, if the admin user’s access to a specific project is revoked, then Bloomfilter will no longer be able to pull fresh data for that project. Through these mechanisms, clients of Bloomfilter have ultimate control over how their data is accessed.

OAuth Scopes

read:board-scope:jira-software

read:board-scope.admin:jira-software

read:issue-details:jira

read:issue:jira-software

read:jira-work

read:jql:jira

read:project:jira

read:sprint:jira-software

write:jira-work
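
One way to check a grant against the list above, as an added example that is not Bloomfilter's own code: it compares the space-delimited scope string of an issued grant with the documented scopes and flags anything extra or any non-read scope other than write:jira-work. The function name, the way you obtain the scope string, and the sample strings are assumptions constructed for illustration.

```python
# Added example: audit a granted OAuth scope string against the scopes
# documented on this page. Names and sample inputs are hypothetical.
DOCUMENTED_SCOPES = frozenset({
    "read:board-scope:jira-software",
    "read:board-scope.admin:jira-software",
    "read:issue-details:jira",
    "read:issue:jira-software",
    "read:jira-work",
    "read:jql:jira",
    "read:project:jira",
    "read:sprint:jira-software",
    "write:jira-work",
})
# The page states write access is requested only to post comments.
ALLOWED_NON_READ = frozenset({"write:jira-work"})


def audit_grant(scope_string):
    """Compare a space-delimited scope string (RFC 6749, section 3.3)
    with the documented list and report deviations."""
    granted = set(scope_string.split())
    unexpected = granted - DOCUMENTED_SCOPES
    # Any scope whose action prefix is not "read" is treated as privileged.
    privileged = {s for s in granted if s.split(":", 1)[0] != "read"}
    excess = privileged - ALLOWED_NON_READ
    return {
        "unexpected": sorted(unexpected),
        "excess_privilege": sorted(excess),
        "missing": sorted(DOCUMENTED_SCOPES - granted),
        "ok": not unexpected and not excess,
    }


if __name__ == "__main__":
    # Constructed sample: a grant carrying one scope the page does not list.
    sample = "read:jira-work write:jira-work manage:jira-configuration"
    for key, value in audit_grant(sample).items():
        print(f"{key}: {value}")
```
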

OAuth 2.0 with Jira

Project Authorization

In addition to the admin user required to connect Jira to Bloomfilter, other non-admin users are recognized by Bloomfilter. Bloomfilter determines which users have access to specific projects in Jira and then authorizes them to the same projects within Bloomfilter. These users have dormant accounts which they are able to activate. The activation flow requires these users to verify that they have access to the email address specified in Jira. When these users lose access in Jira, they also lose access in Bloomfilter.