Security
User credentials | Our solution does not require to provide any remote user credentials. All changes are made on behalf of (local) Technical User account. Changes are made via JIRA REST API and JIRA JAVA API but those calls are internal (within the same server). | |
Data exposition | You don't expose any additional information except defined in your Synchronization Scheme. | |
Communication control | You can stop communication at any time and no data will be read/write to your JIRA, invalidating Setup Connection URL & User configuration. | |
API access | Communication between JIRAs is only via plugins API (no direct access to JIRA REST API methods). | |
Authentication | Authentication is made by the token provided in Connection's configuration. | |
SSL | SSL is recommended and supported. Check how to deal with SSL. | |
Verification | Incoming network communication must match Connection's URL provided by JIRA administrator. | |
Firewall | If one of JIRA cannot be exposed over network use active-passive Connection setup (Setup Connection URL & User). Communication is bidirectional even when one JIRA is behind firewall. In that case 'Active' JIRA (one that can see the public JIRA) do push and pull. | |
Middle | Our solution (Server-Server) does not use any intermediate server (like SMTP) to send-receive data. So all your data are stored in Jira only. |