Add Jira Cloud actions
Stay organized with collections Save and categorize content based on your preferences.

When Jira actions are turned on, end users can ask the assistant to perform the following Jira Cloud actions:

Create Jira issues
Edit Jira issues

For example, a user could enter "create a jira story called 'Launch Project Y' in project ABC" or "update the title for jira ticket JCD-1 to 'Launch Project Y'" into your app. The assistant asks for additional details if necessary, and then asks the user to confirm the create or edit request.

The assistant can read and edit the following Jira fields through actions:

Field	Description
Issue ID	Required. ID of the issue to be modified, for example KAN-123.
Title	Issue title.
Issue type	Issue type.
Priority	Issue priority.
Status	Issue status.
Description	Issue description in Markdown format.
Component	Issue component.
Assignee	Assignee of the issue, for example user@google.com.

Set up authentication and permissions in Jira

Before turning on Jira actions, a Jira administrator must set up dedicated OAuth 2.0 credentials for actions in Jira. This is required to connect your Jira integration and allow read and write permission for actions.

Authorization clients for Jira actions are different than those for ingesting Jira data. They use different permissions and a different callback URL configuration. For how to set up authorization clients for Jira Cloud connectors for ingesting data, see Connect Jira Cloud.

These instructions explain how to create a client ID and client secret through the Atlassian Developer Console, configure the required OAuth 2.0 scopes, and set up permissions for users. Finally, retrieve your instance URL and ID, configure roles, and authenticate to read and write data between Jira Cloud and Google.

Create client ID and client secret

Sign in to developer.atlassian.com.
Click the profile icon in the top right corner and select Developer Console.
Click Create and select OAuth 2.0 Integration.
Enter a name for the app.
- Check the terms and conditions checkbox.
- Click Create.
Click Authorization.
In the Authorization type table, select Add for OAuth 2.0 (3LO).
In the Callback URL field, enter https://vertexaisearch.cloud.google.com/oauth-redirect, and then click Save changes.
Click Permissions:
1. Go to Jira API, click Add, then click Configure.
2. Go to the Classic scopes tab and click Edit Scopes. Select the following scopes, then save your changes:
  - Classic scopes:
    - read:jira-work
    - read:jira-user
    - write:jira-work
  - Granular scopes:
    - read:user:jira
Click Distribution, select Edit, and do the following:
- Select the Sharing radio button first to enable editing other fields.
- Fill out the remaining fields.
- Select Yes when asked: Does your app store personal data?
Select Settings to copy your Client ID and Client Secret.

Retrieve instance URL and instance ID

To get the instance URL:

Go to atlassian.net and sign in with your administrator account.
Select the app you want to sync. For example, sync the first app.
Find the instance URL, which is the subdomain in the address bar.

To get the instance ID:

Open a new tab, copy the instance URL, and append /_edge/tenant_info to the instance URL. For example, https://YOUR-INSTANCE.atlassian.net/_edge/tenant_info.
Navigate to the link to find the cloudId value. The cloudId is your Instance ID.

Set up permissions and roles

Sign in to atlassian.com with your administrator account.
Click the menu icon on the top left or go to admin.atlassian.com.
On the Admin page, click Manage users and go to the Groups page.
Click Create group. Enter a name for the group and create it.
In the Group product access section of your new group's page, click Add products to group.
For Jira, select User access admin as the product role.
For Jira Admin, select Product admin as the product role and save your changes.
On the Groups page, click Add group members and add users or accounts that the connector will authenticate as.

Obtain a refresh token

If you plan to configure Jira actions using the Google Cloud console, you don't need to obtain a refresh token.

If you need to use the API to configure your Jira actions, then a refresh token is required. To obtain a refresh token:

Go to your app in the developer console.
Select Authorization.
Select Configure next to OAuth 2.0 (3LO).
For the redirect URL, use a placeholder such as https://example.com.
To get a refresh token in your initial authorization flow, add offline_access to the scope parameter of the authorization URL. For example: https://auth.atlassian.com/authorize?audience=api.atlassian.com&client_id=your_client_id**&scope=offline_access**%20read%3Ajira-user&redirect_uri=https%3A%2F%2Fyour-redirect-url&state=%24%7BYOUR_USER_BOUND_VALUE%7D&response_type=code&prompt=consent
After you're authorized, you're redirected back to the redirect URL. On the address bar, you should see a query parameter called "code". Keep a note of its value.
Use tools such as curl or postman to send a POST request to https://auth.atlassian.com/oauth/token, with a JSON object with the following keys:
1. grant_type: authorization_code
2. client_id: your client ID
3. client_secret: your client secret
4. code: The code you got from step 6
5. redirect_uri: your redirect URI
You will get refresh_token in the response

For more about refresh tokens, see Implementing the refresh token flow in the Atlassian documentation.

Configure a Jira action

This section describes how to create a Jira connector for actions and enable Jira actions for your assistant.

Before you begin

Before you configure your actions, make sure the following steps are complete:

Your project must be added to the allowlist for assistant actions
A Jira administrator has completed the steps in Set up authentication and permissions in Jira and provided you with the following information:
- Client ID
- Client secret
- Instance ID
- Refresh token. Only required for creating Jira actions through the API instead of through the Google Cloud console. Google recommends creating actions through the Google Cloud console.

Configure Jira actions in the Google Cloud console

Google recommends creating actions through the Google Cloud console.

To add actions to your app using the console, do the following:

In the Google Cloud console, go to the Agentspace page.
Go to your app.
Go to the Actions page.
For Jira, click Connect.
Select a Jira instance.
If prompted, enter authorization information for your connector. This is only required if the instance has not been configured for an action yet.
Select which actions to enable.
Click Finish setup. Your action is displayed on the Actions page.

Create and enable Jira actions using the API

Google recommends that you create actions through the Google Cloud console. If you need to create actions using the API, do the following:

Create a Jira connector and configure it for search:

curl -X POST \
-H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type: application/json" \
-H "X-GFE-SSL: yes" \
-H "X-Goog-User-Project: PROJECT_NUMBER" \
"https://discoveryengine.googleapis.com/v1alpha/projects/PROJECT_NUMBER/locations/global:setUpDataConnector" \
-d '{
  "collectionId": "COLLECTION_ID",
  "collectionDisplayName": "COLLECTION_DISPLAY_NAME",
  "dataConnector": {
    "dataSource": "jira",
    "params": {
      "client_id": "{Client ID of your Jira integration}",
      "client_secret": "{Client Secret of your Jira integration}",
      "refresh_token": "{Refresh Token of your Jira integration}",
      "instance_id": "{Your Jira Cloud instance ID}"
    },
    "refreshInterval": "{ >1800 }s",
    "entities": [
      {
        "entityName" : "project",
        "params" : {
          "inclusion_filters" : {}
        }
      }
      {
        "entityName": "{attachment/comment/issue/worklog}" // Optional, you can build up to 4 different entities
      }
    ],
    "syncMode": "PERIODIC"
  }
}

Replace the following:

PROJECT_ID: the ID of your project.
COLLECTION_ID: the ID for the collection.
COLLECTION_DISPLAY_NAME: a display name for the collection.

Include action configurations in your Jira connector:

curl -X PATCH \
  -H "Authorization: Bearer $(gcloud auth print-access-token --project "PROJECT_NUMBER")" \
  -H "Content-Type: application/json" \
  -H "X-Goog-User-Project: PROJECT_NUMBER" \
  "https://discoveryengine.googleapis.com/v1alpha/projects/PROJECT_NUMBER/locations/global/collections/COLLECTION_ID/dataConnector?update_mask=action_config" \
  -d '{
  "name": "projects/PROJECT_NUMBER/locations/global/collections/COLLECTION_ID/dataConnector",
  "action_config": {
    "is_action_configured": true,
    "action_params": {
        "client_id": "{Client id from Jira integration}",
        "client_secret": "{Client secret from Jira integration}",
        "instance_uri": "{instance URI of your Jira instance}"
      }
    }
  }'

Enable Jira actions for your assistant:

curl -X PATCH \
  -H "Authorization: Bearer $(gcloud auth print-access-token --project "<var>PROJECT_NUMBER</var>")" \
  -H "Content-Type: application/json" \
  -H "X-Goog-User-Project: PROJECT_NUMBER" \
  "https://discoveryengine.googleapis.com/v1alpha/projects/PROJECT_NUMBER/locations/global/collections/default_collection/engines/APP_ID/assistants/default_assistant?update_mask=enabledActions" \
  -d '{
    "name": "projects/PROJECT_NUMBER/locations/global/collections/default_collection/engines/APP_ID/assistants/default_assistant",
    "enabledActions": {
      "projects/PROJECT_NUMBER/locations/global/collections/CONNECTOR_ID/dataConnector": {
        "actionInfo": [
          {
            "actionName": "create_jira_issue",
            "actionDisplayName": "Create Jira Issue"
          }
        ]
      }
    }
  }'