search
Sprinto DashboardAPI Reference

Jira Integration

Learn how to integrate Jira with Sprinto using OAuth or API key to automate ticketing, incident management, vulnerability tracking, project management, and access reviews.

Sprinto integrates with Jira to automate evidence collection, streamline issue tracking, manage incidents, support vulnerability workflows, and perform access reviews.

You can connect Jira in two ways depending on your use case:

  1. Ticketing, Incident Management, Project Management, and Vulnerability Scanner (OAuth-based)

  2. Access Review (OAuth 2.0 or API Key)

hashtag
Area overview

The Jira integration allows Sprinto to:

  • Create and update Jira issues.

  • Sync issue and project data for compliance tracking.

  • Monitor vulnerabilities via Jira workflows.

  • Review user access and application roles for access reviews.

Sprinto connects to Jira using secure authentication (OAuth 2.0 or API token) and only reads or writes data necessary for the selected automation.

hashtag
Sprinto Checks for Jira Integrations

Following are the available Sprinto checks for various Jira integration types:

Ticketing & Incident Management

Sprinto check
Required action

Ticketing system for change management should be setup

The following Sprinto check fails if no ticketing system is configured on your Sprinto account. How to fix: The check starts passing once a ticketing system is configured. Follow the procedure below to configure Jira as a ticketing system.

Change management ticket should have an assignee

The following Sprinto check fails if any change request tickets don’t have an assignee. How to fix: Assign a relevant stakeholder to the specified change ticket and ensure all tickets have an assignee assigned.

Reported incident should be closed in Jira

The following Sprinto check fails if any change ticket is detected in the “Open” state on the configured change management system. How to fix: Ensure the change request is actioned and closed from your configured Jira project.

No new change management tickets were added in over 30 days

The following Sprinto check fails if a change request ticket gets created over 30 days.

At least one change management system should be connected

The following Sprinto check fails if no change management system is configured on your Sprinto account. How to fix: Ensure at least one change management system is configured.

hashtag
Access review

Sprinto check
Reference procedure

Jira access should be removed for offboarded user

How to fix

User should be identified

How to fix

User access to critical system should be valid

How to fix

hashtag
Prerequisites

Before you begin:

  • Ensure you have admin access to your Jira account.

  • Identify your Jira domain (for example, yourcompany.atlassian.net).

  • If using API key authentication (Access Review flow), generate an API tokenarrow-up-right from Atlassian.

circle-info

hashtag
Note

The manage:jira-configuration OAuth scope requires Jira admin access.

hashtag
How it works

Depending on the integration type:

  • Sprinto connects to Jira using OAuth 2.0 (recommended) or an API token.

  • Required permissions are displayed before connection.

  • You review and approve access.

  • Sprinto begins automating controls and checks linked to the selected Jira use case.

hashtag
Method 1: Ticketing, Incident Management, Project Management, and Vulnerability Scanner

This method uses OAuth 2.0.

hashtag
Step 1: Navigate to Jira integration

  1. Log in to Sprinto.

  2. Go to Settings → Integrations.

  3. In the All tab, search for Jira.

  4. Click Connect next to Jira.

  1. Click Connect next to Jira – Ticketing, Incident Management, Project Management, Vulnerability Scanner.

hashtag
Step 2: Review permissions and data

A drawer opens displaying:

  • Controls automated

  • Checks automated

  • Permissions required

  • Data used by Sprinto

Review the details and click Next.

hashtag
Step 3: Connect using OAuth

  1. Enter your Jira domain.

    • Do not include https://.

    • Do not include paths.

    • Example: yourcompany.atlassian.net

  2. Click Connect.

  1. Log in to your Atlassian account.

  2. Review the requested permissions.

  3. Approve access.

You will be redirected back to Sprinto once the connection is successful.

hashtag
OAuth scopes requested

Sprinto requests the following Jira OAuth scopes:

  • read:jira-work – Read Jira project and issue data

  • write:jira-work – Create and modify issues

  • read:jira-user – Read user information

  • manage:jira-configuration – Read workflows and statuses

circle-info

hashtag
Note

The manage:jira-configuration scope requires Jira admin access.

hashtag
Method 2: Access Review Integration

Use this method to automate user and role access reviews in Jira.

You can connect using:

  • OAuth 2.0 (recommended)

  • API Key

hashtag
Step 1: Start Access Review integration

  1. Go to Settings → Integrations.

  2. Search for Jira.

  3. Click Connect.

  4. Select:

    Jira – Access Review

  5. Click Connect.

hashtag
Step 2: Review permissions and data

The drawer displays:

hashtag
Permissions required

  • Read Jira user

  • Read Jira work

  • Read application role

hashtag
Data used by Sprinto

  • Primary email

  • Status

  • Username

Review the details and click Next.

hashtag
Step 3: Confirm admin access

  1. Review the integration steps shown on screen.

  2. Select the I have admin access to my Jira account checkbox.

  3. Click Connect to Jira.

A pop-up appears with two authentication options.

hashtag
Option A: Connect using OAuth 2.0 (Recommended)

  1. Select OAuth 2.0.

  2. Review the requested permissions and click Connect.

  1. A Jira authentication window opens.

  2. Log in to your Atlassian account.

  3. Click Connect.

  4. Approve access.

You are redirected back to Sprinto once the integration is complete.

hashtag
Option B: Connect using API Key

  1. Select API Key.

  2. Enter the following:

    • Jira Email Address

    • API Token

    • Jira Domain (for example, yourcompany.atlassian.net)

To generate an API token, follow Atlassian’s official guidearrow-up-right.

  1. Click Connect.

The integration becomes active once validated.

hashtag
Post-connection flow

After successful integration:

  • Jira appears as Active under Integrations.

  • Sprinto begins syncing relevant data based on the selected use case.

  • Automated controls and checks linked to Jira are triggered.

  • For Access Review, Jira can be monitored under Access → Overview if required.

You can manage or disconnect the integration from Settings → Integrations.

hashtag
Troubleshooting

hashtag
I do not see the Connect button enabled

Ensure:

  • You have the required Sprinto permissions.

  • You have Jira admin access.

hashtag
OAuth connection fails

  • Verify that you entered the correct Jira domain.

  • Ensure pop-ups are not blocked in your browser.

  • Confirm that your Jira account has admin access.

hashtag
API Key authentication fails

  • Verify the email address matches your Jira login.

  • Regenerate the API token and try again.

  • Ensure the Jira domain does not include https:// or additional paths.

hashtag
Permission denied error

This usually occurs if:

  • The Jira account does not have admin privileges.

  • The required OAuth scopes cannot be granted.

Ensure your account can grant:

  • manage:jira-configuration

  • read:jira-work

  • write:jira-work

  • read:jira-user

If issues persist, contact Sprinto Support with:

  • Your Jira domain

  • Integration type used (OAuth or API key)

  • Screenshot of the error message

Please contact Sprinto Supportenvelope If you have any queries related to the integration or need any assistance.

PreviousJumpCloud IntegrationNextJustworks Integration

Last updated